Report New Spyware Here

[Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a "Platform Application") actively spreading on the social networking site which ultimately prompts users to install the infamous "Zango" adware/spyware.]

2008.January.02

Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a "Platform Application") actively spreading on the social networking site which ultimately prompts users to install the infamous "Zango" adware/spyware.

The malicious widget, called "Secret Crush" first appears as a Facebook request 'secret crush'.

In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using "Secret Crush'.

Clicking the "Find Out Who!" button leads to the standard third-party application install page essentially stating that the referred application will be granted access to user's details upon installation.

FortiGuard Center

Source: Sunbelt

Rebuttal by Zango below and FYI this Zango post:

Zango Advisory: As of this posting, the Zango security team has observed that the Secret Crush widget on Facebook is now called the “My Admirer” widget.

So if it's so innnocent why the name change??

[Good riddance: Facebook has banned the "Secret Crush" application due to its affiliation with a notorious spyware manufacturer.]

Facebook dumps Secret Crush application over spyware claim
Posted by Caroline McCarthy
January 7, 2008

Good riddance: Facebook has banned the "Secret Crush" application due to its affiliation with a notorious spyware manufacturer.

The social-networking site confirmed the breakup on Monday: "Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware," a statement from the company read. "We have contacted the developers and have disabled the Secret Crush application for violating Facebook Platform Terms of Service."

CNET