Sunday, July 22, 2007

First Facebook worm[-ish behaviour]?

A friend of mine supposedly sent me a Facebook-based invite for an FB app called Advanced Wall. It came as a notification in FB and prompted me to retrieve a message from my contact by adding the app to my profile.

'k, I bite, since I'm in Facebook-API-craze mode for work and fun anyway and get the following, as allegedly written by my friend:

Check this out!

It's an Advanced Wall!

You can change colors, sizes, fonts, add smilies, pictures, videos and a lot more...

:)

Odd.. Especially from the supposed author...

First, I was just curious to know if they are using tinyMCE for the advanced editor, like WordPress and co. Evidently, I dig a bit deeper, and fire up Firebug, which as a complete aside is the most amazing piece of software. I use it every day, and am still baffled by how efficient and powerful it all is.

So, the JavaScript doesn't look familiar and the editor's iframe goes to http://ai.idlestudios.com/write.php, a domain which strangely enough doesn't respond under http://www.idlestudios.com/ or http://idlestudios.com/, and just redirects http://ai.idlestudios.com/ to the app's description inside FB (as of 2007-07-22, ~1 AM).

Odder...

Head off to the terminal: whois idlestudios.com tells me the domain is registered to a more than likely fine fellow from the Russian Federation, which in and of itself doesn't really imply anything.

But that's when I start noticing the ads in multiple locations around the Advanced Wall's WYSIWYG editor. Text ads, subtly placed in the telling Facebook colour scheme. Blockbuster, icon sets, the usual.

So on to my friend's profile I go, and what do you know? What do I see on his wall, with no other message than:

Check this out!

It's an Advanced Wall!

You can change colors, sizes, fonts, add smilies, pictures, videos and a lot more...

:)

Really? And it's coming from someone else in my contact's own friend list...

Next: Facebook » Profile » Applications » Edit » Remove

:)

This all said, I haven't gotten a reply from my friend yet on if he actually sent the invite in the first place (it's late, and the invite was sent at 11:59pm), so maybe I'm just seeing things and oughta get to bed. I'll post an update here when I know more. Call me traumatized by another friend's experience. ;P See update below.

Personally, I'm not sure I'm willing to go for this one anyway. Best case scenario, it's gonna be MySpace all over again...

And if by any chance you receive an invite for Advanced Wall from me, you'll at least know how it did not get there: Not-by-my-click.

Update (20:45): Well, it seems that my friend is as surprised as I was. Although he did see an option to invite his friends, he is fairly sure he canceled. Yet, the app seems to have propagated itself to his contact list. He also had the same reaction as I with the dubious first message template, and brought to light an error message he received from the app stating "there are still glitches we're working on with the facebook team". So worm[-ish]? Questionable interaction design? Buggy app? Plain old bad taste? I'm not a security expert by any stretch, so I'll hold off on the labeling, but as a software developer, I say: none for me, thanks.

2 comments:

Anonymous said...

I just recently got a Facebook message from a friend saying "LOL. You've been catched on hidden cam, yo. I found this in the local network!!!" and gave a link to a website containing a virus or worm of some sort. The strange thing is that the friend the message came from didn't write the message to me. Can malicious programs actually take control of someone's Facebook account and send messages to friends to try and spread itself?

Anonymous said...

I've managed to be hit by porn links being attached into messages I'm sending on Facebook from a PC I was trying to fix which was infected with all sorts of things.
Needless to say the people who received them were not amused.