Blogs: Taking the clothes off the Beach Babes Facebook app
Well, the Websense title is “Dissecting the Distracting Beach Babes Facebook app”; but I think mine is more in keeping with the subject. Either way, it’s worth a look.
So far we have identified over 100 apps on Facebook that are all working the same way; the only difference is the API and secret keys that are used. In addition to them all working the same way, they also use the same Google Analytics UA ID to track visitor statistics.
Overall the app is very simple and relies fully on social engineering. The numbers from the two attacks we’ve seen so far prove that despite its slow propagation method (only sending the message to 10 users at a time) these types of attack unfortunately work very well.
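The shared Google Analytics UA ID mentioned above is a useful clustering key for defenders, because it stays constant while the API and secret keys change per app. The sketch below is an added example, not code from Websense or from the apps themselves; the app names, `api_key` values and UA IDs in the sample pages are constructed placeholders.

```python
import re
from collections import defaultdict

# Classic Google Analytics property ID: UA-<account>-<property index>
UA_RE = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b", re.IGNORECASE)

# Constructed sample pages (app name -> landing-page HTML); not real data.
SAMPLE_PAGES = {
    "beach-app-1": "<script>var api_key='aaa111';"
                   "_gaq.push(['_setAccount','UA-0000001-1']);</script>",
    "beach-app-2": "<script>var api_key='bbb222';"
                   "_gaq.push(['_setAccount', 'ua-0000001-1']);</script>",
    "quiz-app":    "<script>var api_key='ccc333';"
                   "_gaq.push(['_setAccount','UA-0000002-1']);</script>",
    "no-tracking": "<html><body>hello</body></html>",
    "beach-app-3": "<script>var api_key='ddd444';"
                   "var pageTracker=_gat._getTracker('UA-0000001-1');</script>",
}


def extract_ua_ids(html):
    """Return the set of normalized UA IDs found in one page."""
    return {f"UA-{acct}-{idx}" for acct, idx in UA_RE.findall(html)}


def cluster_by_ua(pages, min_size=2):
    """Group app names by shared UA ID; keep groups with >= min_size apps."""
    groups = defaultdict(set)
    for app, html in pages.items():
        for ua in extract_ua_ids(html):
            groups[ua].add(app)
    return {ua: sorted(apps)
            for ua, apps in groups.items() if len(apps) >= min_size}


if __name__ == "__main__":
    # Apps that differ in API key but share a tracking ID land in one cluster.
    for ua, apps in cluster_by_ua(SAMPLE_PAGES).items():
        print(ua, "->", ", ".join(apps))
```

Any cluster with more than one app is a lead for review: a single known-bad app then points to every other app reporting to the same analytics property.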