14 DAY TRIAL // A new Facebook application brings the popular social networking service back in the spotlight, as it attempts to take users on a dangerous website and deploy malicious files on their computers. 'Secret Crush' is a Facebook application claiming that it is able to disclose the friend's name that has a "secret crush" for a certain registered member. The application requires Facebook members to invite five other friends to use it, but instead of revealing the secret admirer, 'Secret Crush' takes the users to a malicious website attempting to drop an infection.
One of the infections has been identified as MyWebSearch, a computer threat that displays unwanted pop-up adverts on all the affected computers.
"Whoever wrote this Secret Crush application is cashing-in big time, by encouraging people to download the adware. As an affilate for the people displaying the nuisance pop-up adverts, they are getting paid for each successful installation", said Graham Cluley, senior technology consultant for Sophos.
"Facebook users must show greater discretion about how they use the site, and which applications they install. These third party widgets are not written by Facebook, and can mean that you are carelessly sharing your personal information with strangers or risking your computer's security."
What's worse is that 'Secret Crush' is extremely popular among the registered members of the social networking service, Sophos estimating that approximately "4% of Facebook's daily users are said to have the Secret Crush application installed". Facebook has already removed the application from its search listings, but some people may get infected in the near future.
"Companies need to make their own mind up as to whether they want to allow their users to access websites like Facebook and MySpace during office hours. If workers are allowed to be given access to these sites then it's vital that they are do not put their personal and corporate data at risk", the Sophos expert added.