Feeds

Facebook exploit toolkit dumbs down rogue app creation

Scary monster and super profile creeps

Internet Security Threat Report 2014

Miscreants have begun selling a cut-price point and click Facebook rogue application generation tool, designed for script kiddies too clueless to code their own malicious application.

The rogue Facebook app creation tool kit is available is available at just $25, net security firm Websense reports.

The toolkit offers a means to direct surfers towards survey scams, spread malware or act as a tool in furtherance of click-fraud scams, all by following a simple set of instructions. Bogus applications generated via the tool, called Tinie Facebook Viral Application, would offer lures such as the supposed opportunity to check on who has been viewing a Facebook profile.

The functionality of one rogue tool created by the toolkit, Facebook Profile Creeper Tracker Pro, as well as the toolkit itself is explained in a blog post containing screenshots by Websense here.

Patrik Runald, senior manager of security research at Websense, described the toolkit as an example of the commoditisation of internet scams.

"The bad guys will continue to look to take advantage of every available resource on the Web, including Facebook, in an effort to make money or steal information," Runald explained. "With the introduction of exploit kits and the templates for rogue Facebook applications, like the one we just discovered, the threshold for entry for criminal activity is significantly lowered."

"These kits are increasingly becoming commoditised and, with it, the potential pool of attackers and victims increases." ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.