2008.January.02 Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a "Platform Application") actively spreading on the social networking site which ultimately prompts users to install the infamous "Zango" adware/spyware.
The malicious widget, called "Secret Crush" first appears as a Facebook request 'secret crush'.
In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using "Secret Crush'.
Clicking the "Find Out Who!" button leads to the standard third-party application install page essentially stating that the referred application will be granted access to user's details upon installation. FortiGuard Center