"Secret Crush" Facebook Application Spreads Zango Adware/Spyware

Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a “Platform Application”) actively spreading on the social networking site which ultimately prompts users to install the infamous “Zango” adware/spyware.

The malicious widget, called “Secret Crush” first appears as a Facebook request according to Fortinet. In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using “Secret Crush” (this happens frequently with Facebook’s Platform Application).

Clicking the “Find Out Who!” button leads to the standard third-party application install page, essentially stating that the referred application will be granted access to user’s details upon installation. The user is then prompted to click on “Download Now” button, which leads to a copy of the infamous Zango adware/spyware.

The Secret Crush program also tries to lure people who download the file to pass it along to other Facebook members they know, according to Fortinet’s research.

The security vendor also contends that as many as 3 percent of Facebook’s almost 60 million registered users, which amounts to over one million users have already downloaded the adware-bearing program.

As of January 4, 2008 the application’s installed user base has grown from 3% to 4% of Facebook users, and has changed its name from “Secret Crush” to “My Admirer”.

Support Our Sponsors