"Error Check System" attack hits Facebook

A new rogue application is spreading throughout Facebook, much to the chagrin of security experts.

Known as "Error Check System," the application appears to be harmless in its current form, but the methods it is using and the speed at which it is spreading is causing some concern over the possibility for a future malware attacks.

Users become infected with the rogue application by way of social engineering. A user is sent a message from an infected friend which claims that there are multiple "errors" on the user's Facebook page.

The message then directs the user to the application's download page where the user supposedly installs the Facebook application to correct the supposed " errors."

Upon infection, the page then attempts to send notifications to the infected user's friends and repeat the attack.

Though the application is currently not believed to be performing any additional malicious activity, security experts are warning that its infection method could easily be used to harvest user data for identity theft.

"This is an important reminder to all Facebook users that they must exercise caution about which third-party applications they install on their profile, and everyone should remember that Facebook does not approve applications before they are made available on their site," wrote Sophos senior technology consultant Graham Cluley.

"You really are putting your trust in complete strangers when you add that next application to your Facebook profile."

Cluley later noted that the attack is having a rather unpleasant side-effect as well. A flood of users searching for information on the attack have lead to a page on the subject which contains links to other malware attack sites being established as the top Google search return for the term "error check system."

"The worry is that in many people's rush to find out more about the suspicious application's behaviour on Facebook they may well run straight into a scareware author's trap," noted Cluley.

"Is it possible that the original Facebook application was actually a red herring, and the real dangerous payload came from people Googling for information?"