Facebook users targeted by rogue application

"Error Check System" malware falsely warns users that friends have had problems viewing their profiles, posing a potential threat to users' personal information.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

Feb. 24, 2009 1:18 a.m. PT

2 min read

A new piece of malware making the rounds on Facebook falsely warns users that their friends have had problems viewing their profiles, posing a potential threat to users' personal information.

The rogue application, dubbed "Error Check System," displays an error message in the notifications section that reads "(Friend's name) has faced some errors when checking your profile View The Errors Message."

But the warnings are fake and a viral attempt to spread the application and recruit more Facebook users, according to Graham Cluley, a senior technology consultant with Sophos. While saying that there is no evidence of personal information theft, Cluley noted in a blog posting that utilizing an error message about the recipient's profile was "sneaky."

"This is an important reminder to all Facebook users that they must exercise caution about which third-party applications they install on their profile, and everyone should remember that Facebook does not approve applications before they are made available on their site," Cluley wrote. "You really are putting your trust in complete strangers when you add that next application to your Facebook profile."

However, non-Facebook members are at risk as well. A Web search of "Error Check System" will yield a link to a site that contains code that will initiate a fake virus scan and try to fool users into installing malware disguised as antivirus software, Cluley wrote in a second blog. Sophos identified the malware as Sus/FakeAV-A and Troj/FakeAV-LL.

"The worry is that in many people's rush to find out more about the suspicious application's behaviour on Facebook they may well run straight into a scareware author's trap," Cluley wrote. However, he noted, "Is it possible that the original Facebook application was actually a red herring, and the real dangerous payload came from people Googling for information?"

Facebook users already infected by the application can uninstall it by using the Edit tab in the Applications section of their Facebook profile.