Your ‘Secret Crush’ may be spyware

Security firm Fortinet has warned that Facebook users face certain dangers and maybe an infection from spyware if they attempt to find their so-called “Secret Crush” invite.

Recipients of the invite are then lured to install the application that promises to find the so-called sender’s identity, which the applications hints that it will only tell the person after they accept the terms and conditions – giving the developer access to all of your personal information – and then invite five friends to install the program as well.

Following the procedures, rather than telling you the identity, it installs a horoscope-based “Crush Calculator” application; which “delivers advice” on the compatibility between different users who installed the application.

Fortinet has claimed that the improper behaviour centre on the alleged installed spyware that is packaged by Zango, an adware company. In November 2006, Zango (formally 180solutions) was forced to give $3 million to the FTC after it labelled the amount as “ill-gotten” gains. It also lost a lawsuit against Kaspersky, an antivirus vendor, after it claimed that Zango’s software was a threat to users.

Zango has denied the claims, saying that it is a victim of circumstance since its iFrame advertisement has became associated with the application due to a third-party partner, which sets the ad to appear on Facebook when the user installs the application – a practise which Zango claims that it is “completely legitimate”.

“At no point in adding the Secret Crush widget to a Facebook profile does the widget install either spyware or Zango software, or even attempt to do so. Any suggestion that Zango software is being ‘secretly installed’ is simply not true,” Zango responded on its blog.

Fortinet estimates that around three percent of Facebook users currently have the application installed.

UPDATE – Facebook have now banned the application, saying on Monday in a statement: “Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware.”

“We have contacted the developers and have disabled the Secret Crush application for violating Facebook Platform Terms of Service.”

Share Tweet Send
You've successfully subscribed to TechGeek
Great! Next, complete checkout for full access to TechGeek
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.