Facebook applications don't need to be pre-approved by the social networking site, which leaves them vulnerable to exploitation by hackers.
Users of Facebook, the popular social-networking website, have been targeted by hackers and cybercriminals attempting to access their user profiles and steal valuable data.
Many of the security breaches take the form of rogue applications. Facebook allows people to develop and write games and software to run on the site, but these applications do not need to be approved by Facebook before they are made available for people to download. High-tech thieves have started to take advantage of this loophole to create fake applications that contain malicious software.
One recent rogue application, called Error Check System, would warn users that their friends had been unable to view their profile, and contained a clickable link to enable the user to view an "error message". In fact, there was nothing wrong with the profile, and clicking on the link only served to forward the same warning messages to all of the friends in a user's social network.
Another application warned users that a friend had reported them for violating Facebook's terms of service, and prompted them to click on a link in order to have their account reviewed by Facebook administrators. Security experts at Trend Micro warned that clicking on the link resulted in the same message being forward to everyone on the user's Facebook contact list, and "may also harvest personal information along the way".
Facebook users have also been affected by a new variant of the Koobface virus, a worm that first appeared in December last year. It works by prompting Facebook users to visit a fake YouTube page, and then installs malicious software on their computer. The worm then burrows into the computer's operating system, and hunts for 'cookies', the digital record of websites visited, and uses this information to log into other social networks the Facebook user might be a member of, such as MySpace, Bebo and LiveJournal.