Proof-of-Concept Malicious Application

ZDNet’s Zero Day blog reports today that researchers from the Institue for Computer Science have built a simple Facebook application that users will find desirous and innocuous – yet it is actually malicious.

As many, including this very hacker have been saying for some time, it’s only a matter of time before black hat developers start taking advantage of social networking applications for harmful purposes.  One of the primary reasons I started this blog was to raise awareness of the problems that can easily arise on social networking sites.  Now the folks at ICS have provided an excellent example of what could happen.

The application is presents a “photo of the day” from National Geographic, yet behind the scenes makes use of those installing to create a botnet for denial-of-service attacks.  The threat of such an attack is real:

Interestingly, the researchers made no effort to advertise/distribute its Facebook application but was able to attract more than 1,000 users in the first few days. With a bit of effort to manipulate the viral nature of app distribution on Facebook (the inherent trust of the social network model), a malicious Facebot with tens of thousands of users can do some serious damage.

Social networking applications are inherently difficult to police, but if nothing else, this one should help spur both users and developers to understand the risks involved and hopefully find new solutions.