Zango Slithers Through Facebook as a Worm

by Michael on January 14th, 2008 in Industry and Security News, Security Alerts.

Zango, despite their best intentions, just can't seem to help themselves. They are at it again, this time using social engineering to help spread their worm that is masquerading as a secret crush on your Facebook page.

(photo: Fortinet)

Before you can find out who the secret crush is, you have to agree to download an application that allows it to:

  • Know who you are and access your information
  • Put a box in your profile (with their info, of course)
  • Place a link in your left-hand navigation
  • Publish stories in your news feed and mini feed
  • Place a link below the profile picture of any profile

Wow!

In other words, your Facebook page will instantly become the property of the bean counters at Zango, and you will become a bona fide spyware distributor in the process.

The folks over at Fortinet have posted a very good pictorial overview of this Zango worm process, so make sure to check it out.

As you know, Lavasoft's corporate ethics include working with these vendors, Zango included, to make social change in our industry. We have worked with Zango a few times directly and provided very specific guidelines for why the applications addressed are detected, and what it takes to develop the application so that it would not be considered invasive to consumers. But time and time again, they get caught in their own web.

Social network sites are great channels of borderless communications, but this is just another reminder to be careful out there!