You are currently browsing the monthly archive for November 2010.

We are continuing with our weekly “Top 10” lists of the most dangerous and spamiest Facebook Pages.  If you would like to read how we come up with the lists, check out our initial post here.  Here is how we define each category:

Most Dangerous Category: This category could be a post or comment containing a dangerous link.  These links can lead to malware, phishing, or suspicious/dangerous Facebook applications that gather personal information and use people’s accounts for spam.

Spamiest Category: The spam noted could be Wall spam or comment spam.  All the spam messages included in the tally contain at least one URL and have been posted multiple times across different pages and post comments.

Here are this week’s Top 10 lists.

Most Dangerous

| Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Threat Count |
|---|---|---|---|---|
| 1 | 1 | Justin Bieber | 1437 | 1236 |
| 2 | 5 | Harry Potter | 379 | 465 |
| 3 | 2 | Twilight | 379 | 701 |
| 4 | 9 | Lil Wayne | 375 | 405 |
| 5 | 44 | FarmVille | 345 | 201 |
| 6 | 6 | Usher | 334 | 437 |
| 7 | 3 | Texas Hold’em Poker | 324 | 503 |
| 8 | 14 | Shakira | 302 | 380 |
| 9 | 13 | Linkin Park | 284 | 383 |
| 10 | 22 | AKON | 269 | 272 |



Spamiest

| Rank | Last Week’s Ranking | Facebook Page | Spam Count | Last Week’s Spam Count |
|---|---|---|---|---|
| 1 | 1 | Lil Wayne | 2253 | 2150 |
| 2 | 2 | Texas Hold’em Poker | 2116 | 2047 |
| 3 | 4 | Drake | 1475 | 1706 |
| 4 | 16 | Real Madrid C.F. | 1415 | 857 |
| 5 | 21 | FarmVille Cows | 1325 | 722 |
| 6 | 19 | FarmVille Sheep | 1188 | 756 |
| 7 | 8 | Wiz Khalifa | 1170 | 1402 |
| 8 | 7 | Justin Bieber | 1133 | 1512 |
| 9 | 15 | FC Barcelona | 867 | 878 |
| 10 | | Michael Jackson | 784 | |



A few notes about this week’s list:

Looking at the dangerous listing, we are seeing a correlation between the pages targeted and celebrity news.  For example, Justin Bieber, Usher, Twilight, Lil Wayne, and Harry Potter were in the Top 10 last week and continue to be a presence this week.  We are also seeing a reemergence of the various Zynga games.  This holds true from last week.  We expect to continue to see the same trend over the coming weeks.

As for the spamiest list, this week is showing multiple social game pages, celebrity pages, and even some soccer team pages.  We are expecting to see a continuous presence of social games in this category.  We may be seeing the soccer teams because of a few matches played in the last week.  Due to the appearance of the teams on the field, we may assume there was an increase in visits to their Facebook pages.

In keeping with our policy of vigilance, we recently have found another attack targeting Justin Bieber’s Facebook page.  If you recall from last week’s Top 10 list, Justin Bieber’s Facebook page achieved the top spot in the Dangerous category and the seventh spot in the Spamiest category.  To better acquaint you with the threat, we’ve broken down what happens.

Here we see some “Breaking News”:

Apparently, Justin Bieber has been caught red-handed! Quick, click “subscribe.”

Uh, that’s not what we were expecting, but never mind that right now. Onwards!

There we go! Now we can watch our video.

Wait a minute! Does that say YouTube? We could have seen this (shaky) video by simply going directly to YouTube. What was all that messing around with permissions?

And just look at what this app has done to our wall.

Spam. In our name. Bad app, no treat.

The moral of this story is, never allow an app more permission than it should logically need. All this app claimed it was going to do was show us a video, so why would it need permission to post to our wall, access our data anytime, or manage our pages?

If you or someone you know has fallen victim to this app or one of the many others like it, you should revoke the app’s permissions. To do this, go to “Account>Privacy Settings”. Under “Applications and Websites,” click “Edit your settings.” Then click “Remove unwanted or spammy applications.” Finally, click the little “x” by the app you want to remove and confirm your desire to remove it by clicking the blue “Remove” button in the box that pops up.

And if you really must see that video of Justin Bieber kissing some girl…

http://www.youtube.com/watch?v=qyRA2xyK1e8

Knock yourself out.

Last week, we published the first of our weekly “Top 10” lists on the most dangerous and spamiest Facebook Pages.  If you would like to see last week’s lists and understand how we come up with the lists, check out our initial post here.

Here are this week’s Top 10 lists…

Most Dangerous

| Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Threat Count |
|---|---|---|---|---|
| 1 | 1 | Justin Bieber | 1236 | 670 |
| 2 | 34 | Twilight | 701 | 43 |
| 3 | 2 | Texas Hold’em Poker | 503 | 239 |
| 4 | 23 | Dirty Dancing | 483 | 55 |
| 5 | 101 | Harry Potter | 465 | 25 |
| 6 | 117 | Usher | 437 | 22 |
| 7 | | Mama Mary | 418 | |
| 8 | 22 | Michael Jackson | 407 | 55 |
| 9 | 48 | Lil Wayne | 405 | 38 |
| 10 | 37 | YouTube | 402 | 42 |



Spamiest

| Rank | Last Week’s Ranking | Facebook Page | Spam Count | Last Week’s Spam Count |
|---|---|---|---|---|
| 1 | | Lil Wayne | 2150 | |
| 2 | | Texas Hold’em Poker | 2047 | |
| 3 | 3 | FrontierVille | 1926 | 1155 |
| 4 | | Drake | 1706 | |
| 5 | 1 | FarmVille | 1622 | 1489 |
| 6 | 42 | Underground & Gangsta Rap | 1598 | 167 |
| 7 | | Justin Bieber | 1512 | |
| 8 | 2 | Wiz Khalifa | 1402 | 1477 |
| 9 | 63 | Mafia Wars | 1329 | 120 |
| 10 | 63 | Fikra ve Espiri Dünyasi | 1243 | 120 |



A few notes about this week’s lists:

Last week our “Top 10” included many social games.  This week we are seeing more celebrity pages included.  Perhaps this is tied to current events.  For example, Lil Wayne was just released from jail and has had a resurgence in news exposure this past week.  It will be interesting to continue tracking this trend in the coming weeks.

A lot of the activity related to the “most dangerous” list was due to a malicious application outbreak on November 17.  The app enticed the user with “See the shocking video of the 1-year-old girl who CARRIES TWIN SISTER inside belly.”  To see the video, the user had to authorize the application.  Once authorized, the app proceeded to spam the user and possibly the user’s fan pages to propagate, or spread.

A point of interest is the inclusion of Mama Mary, a Facebook page dedicated to Mary, the Mother of Jesus.  We don’t usually see religious-centered pages enter into the Top 10.  This one seems to be an instance of collateral damage.  The same malware application that was spammed to most of the rest of the Top 10 ended up covering this page as well.

SafeToBe.Me was created to help monitor and inform consumers of privacy and security issues in Facebook.  The application looks for spam, malware, phishing scams, automatic file downloads, and strong language.  SafeToBe.Me scans Facebook Pages, status updates, comments to statuses, and application posts, and notifies users of any potential spam or danger.  To better inform consumers, today we are releasing our first weekly “Top 10” list of the Facebook Pages containing the most dangerous content and the most spam.

Overall we monitor the Top 5000 popular Facebook Pages and any pages “liked” by our users.  We scan those pages for instances of spam or potentially dangerous links.  Even if a page falls out of the Top 5000 Facebook Pages, we keep it in our monitoring rotation.  Threats are typically found in posts by users on the Wall of a page or in comments made to a status update posted on a page.  We’ve broken down the categories into “Most Dangerous” and “Spamiest”.  Below are descriptions of these categories.

Most Dangerous Category: This category could be a post or comment containing a dangerous link. These links can lead to malware, phishing, or suspicious/dangerous Facebook applications that gather personal information and use people’s accounts for spam.

Spamiest Category: The spam noted could be Wall spam or comment spam. All the spam messages included in the tally contain at least one URL and have been posted multiple times across different pages and post comments.
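
The “Spamiest” definition above can be written as a small tally, shown here as an added example (it is not SafeToBe.Me’s code): a message is counted only if it contains a URL and the same message shows up on at least two different pages. The `min_pages` threshold, the text normalization and the sample posts are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def normalize(text):
    """Collapse case and whitespace so trivially varied copies compare equal."""
    return " ".join(text.lower().split())

def spam_counts(posts, min_pages=2):
    """Count, per page, messages that contain a URL and recur across pages.

    posts: iterable of (page, kind, text); kind is "wall" or "comment" and
    both kinds are counted. min_pages is an assumed threshold: the post only
    says "multiple times across different pages".
    """
    pages_seen = defaultdict(set)    # normalized message -> pages it was seen on
    candidates = []
    for page, _kind, text in posts:
        if not URL_RE.search(text):
            continue                 # no URL: outside the definition
        key = normalize(text)
        pages_seen[key].add(page)
        candidates.append((page, key))
    counts = defaultdict(int)
    for page, key in candidates:
        if len(pages_seen[key]) >= min_pages:
            counts[page] += 1
    # Highest count first, page name as tie-breaker
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample posts (not real data from any page)
SAMPLE_POSTS = [
    ("FarmVille", "wall", "FREE coins here http://spam.example/coins"),
    ("FarmVille", "comment", "free coins here  http://spam.example/coins"),
    ("FrontierVille", "wall", "Free coins here http://spam.example/coins"),
    ("FrontierVille", "wall", "Patch notes: http://game.example/notes"),
    ("FC Barcelona", "comment", "Great match tonight!"),
    ("FC Barcelona", "comment", "Watch goals http://spam.example/goals"),
    ("Wiz Khalifa", "wall", "watch goals http://spam.example/goals"),
]

if __name__ == "__main__":
    for page, n in spam_counts(SAMPLE_POSTS):
        print(f"{page:15} {n}")
```
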

Thus we present this week’s Top 10 lists.

Most Dangerous

| Rank | Facebook Page | Threat Count |
|---|---|---|
| 1 | Justin Bieber | 670 |
| 2 | Texas Hold’em Poker | 239 |
| 3 | Social City | 228 |
| 4 | YoVille | 210 |
| 5 | FarmVille | 187 |
| 6 | FarmVille Cows | 157 |
| 7 | Cafe World | 136 |
| 8 | Restaurant City | 112 |
| 9 | FarmVille Sheep | 100 |
| 10 | SOY ARGENTINO | 96 |

Spamiest

| Rank | Facebook Page | Spam Count |
|---|---|---|
| 1 | FarmVille | 1489 |
| 2 | Wiz Khalifa | 1477 |
| 3 | FrontierVille | 1155 |
| 4 | Michael Jackson | 900 |
| 5 | FarmVille Cows | 616 |
| 6 | KopTuq mu xDe..! | 596 |
| 7 | FarmVille Sheep | 533 |
| 8 | FC Barcelona | 530 |
| 9 | Amr Khaled | 526 |
| 10 | T.I. | 479 |

Notice that many of the Facebook Pages in our rankings are social games.  We know that social games are very popular on Facebook, so it is not a surprise that malware and spam pushers are focusing on this category.

Here is another phishing scam. This one is aimed at getting your Facebook username and password.

This is what you see when you visit http://apps.facebook.com/celebrities_sexparty/

The app promises to provide “live sex” after logging in through the application box. Note that I am already logged in to Facebook (top right of the page). See the dilemma?

Taking a closer look, the login box is a rather good replica of the real Facebook login form. However, the junk surrounding it is a dead giveaway. After entering something into the boxes, it tells you that the Email/Password combo is wrong (even if it was correct) and asks for your information again.

For many, the logical response is to click the link and reset their password. The “reset your password here” link leads to http://www.portalsat.net/reset.php, but whatever was there seems to have been removed, and we are given a 404 error page.

Clicking the login button on this second page will initiate a download of a 33MB .zip file that actually turns out to be in .rar format (go figure). It contains 9 porn clips in .3gp format. These porn clips are not what was requested, but are now on the computer. Like all porn pop-ups, these will inevitably keep popping up at the most inopportune times.

Interesting side note: These guys might have actually left pictures of themselves on their site, too. http://www.portalsat.net
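
A defender-side check for the replica login box described in this post, added here as an example and not taken from the original write-up: it flags any form with a password field whose submit target is not facebook.com or one of its subdomains. The host `collector.example`, the app path and the sample HTML are constructed placeholders; the post does not say where the fake form submitted.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
TRUSTED = "facebook.com"  # only this domain should ever receive the password

class PasswordFormFinder(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []
        self._action = None          # None means "not inside a form"
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_password = a.get("action") or "", False
        elif tag == "input" and self._action is not None:
            if (a.get("type") or "").lower() == "password":
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.actions.append(self._action)
            self._action = None

def is_trusted(host):
    """True for facebook.com and its subdomains, false for lookalike hosts."""
    host = (host or "").lower()
    return host == TRUSTED or host.endswith("." + TRUSTED)

def suspicious_login_forms(frame_url, html):
    """Return resolved targets of password forms that post off facebook.com."""
    finder = PasswordFormFinder()
    finder.feed(html)
    finder.close()
    targets = [urljoin(frame_url, action) for action in finder.actions]
    return [t for t in targets if not is_trusted(urlparse(t).hostname)]

# Constructed sample: a replica login box posting to a placeholder host.
SAMPLE_HTML = """
<form action="http://collector.example/login.php" method="post">
  <input type="text" name="email"><input type="password" name="pass">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    print(suspicious_login_forms("http://apps.facebook.com/example_app/", SAMPLE_HTML))
```

Pass the URL of the frame that actually served the HTML as `frame_url`, since relative form actions are resolved against it.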