Forgot your password?
typodupeerror
Security Social Networks IT

"Dislike" Button Scam Hits Facebook Users 179

Posted by CmdrTaco
from the i-dislike-this dept.
An anonymous reader writes "A message saying 'I just got the Dislike button, so now I can dislike all of your dumb posts lol!!' is spreading rapidly on Facebook, tempting unsuspecting users into believing that they will be able to "dislike" posts as well as "like" them. However, security researchers say that it is just the latest 'survey scam', tricking Facebook users into into giving a rogue Facebook application permission to access their profile, and posting spam messages from their account. The rogue application requires victims to complete an online survey (which makes money for the scammers) before ultimately redirecting to a Firefox browser add-on for a Facebook dislike button developed by FaceMod. "As far as we can tell, FaceMod aren't connected with the scam — their browser add-on is simply being used as bait," says Sophos security blogger Graham Cluley."
This discussion has been archived. No new comments can be posted.

"Dislike" Button Scam Hits Facebook Users

Comments Filter:
  • by Drakkenmensch (1255800) on Monday August 16, 2010 @09:49AM (#33262912)
    -1 "Dislike"
  • News? (Score:4, Informative)

    by SimonTheSoundMan (1012395) on Monday August 16, 2010 @09:50AM (#33262932) Homepage

    Been going on for months.

  • OH Noes!

    (obligatory anim GIF) http://i108.photobucket.com/albums/n13/greatcapp/oh-noes-everybody-panic.gif [photobucket.com]

    I never listen to those "check out this new feature" ads.
    Invariably you have to hop through hoops. It's never free.

  • 1. Set up really popular new big thing!
    2. Have 500 million morons congregate.
    3. They do ??? which is important because ???
    4. Sell ads for products they probably don't purchase because they're just goofing off on the internet because they're too broke to go do something fun instead.
    5. ???
    6. Profit!

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      While your little list doesn't really make any sense, I do agree that Facebook doesn't currently have a sustainable business model. However, how does any of that equate to a Ponzi Scheme? Or do you have absolutely no idea what that means, and just thought it sounded good?

      • Re: (Score:1, Redundant)

        by jgagnon (1663075)

        They could easily sustain themselves with targeted advertising. Assuming, of course, they do it right.

    • by Abcd1234 (188840) on Monday August 16, 2010 @10:15AM (#33263150) Homepage

      Uhuh. The you don't know what a Ponzi scheme is, and it's the *facebook* users that are the morons... riiiight.

  • Dislike (Score:4, Funny)

    by geekgirlandrea (1148779) <andrea+slashdot@persephoneslair.org> on Monday August 16, 2010 @09:57AM (#33262980) Homepage

    Can I just have a 'Dislike' button for all of Facebook, please?

    Actually, I think I'll take a 'Tactical Nuclear Strike' button instead, now that I think of it.

    • Re:Dislike (Score:5, Informative)

      by TheRaven64 (641858) on Monday August 16, 2010 @10:09AM (#33263074) Journal
      There's a Safari addon called 'defacer' which removes all Facebook buttons and links from every page that you visit (I've not tried it, I just noticed it the other day). Presumably there are similar things for other browsers...
      • by nephridium (928664) on Monday August 16, 2010 @11:00AM (#33263738)
        ..or you could simply add "127.0.0.1 facebook.com" to your hosts [wikipedia.org] file - one little tweak, works on every OS, on every browser. The cleanest way for all those who just don't care much for it.

        (Btw if you're using localhost as a webserver it's probably better to use 0.0.0.0 for all you annoyance blocking needs instead)
        • Re: (Score:3, Insightful)

          by GIL_Dude (850471)
          I always see that claim that a hosts file works on every OS and every browser. People always seem to forget that if you are using a proxy server (for example at work), the hosts file is ignored. The proxy server controls what the address is. So the hosts file thing works perfectly (and I use it) at home where I don't have to go through a proxy. But it is useless at work (and yes, there are things I would like to block there too - and random facebook and twitter buttons on pages are indeed some of them).
          • I always see that claim that a hosts file works on every OS and every browser. People always seem to forget that if you are using a proxy server (for example at work), the hosts file is ignored. The proxy server controls what the address is. So the hosts file thing works perfectly (and I use it) at home where I don't have to go through a proxy. But it is useless at work (and yes, there are things I would like to block there too - and random facebook and twitter buttons on pages are indeed some of them).

            Use NoScript and block Facebook/Twitter.

          • You could ask the admins (since those are work computers) to have the proxies block those counter-productive websites for you. Of course this would incur the wrath of a certain (hipster) coworker demographic, but at least you wouldn't need to suffer through those facebook and twitter buttons before your untimely death by high-pitched screaming, keyboard bashing and mouse stoning (I hear Apple mice were specially designed with optimal trajectories in mind ;).
            • by Trinn (523103)

              Great idea - "I don't like this, let's BAN IT" -- somehow I think there's a failure in logic here.

        • Re: (Score:2, Interesting)

          by Anonymous Coward
          You can also just go to a country where facebook is blocked (like China or Pakistan.)
        • ..or you could simply add "127.0.0.1 facebook.com" to your hosts [wikipedia.org] file - one little tweak, works on every OS, on every browser. The cleanest way for all those who just don't care much for it. (Btw if you're using localhost as a webserver it's probably better to use 0.0.0.0 for all you annoyance blocking needs instead)

          There's some user her that rabidly points out that 0.0.0.0 will always outperform 127.0.0.1 even if you don't have a local web server as it's always not routable, and 2 characters shorter to parse.

      • Re: (Score:3, Informative)

        by clone53421 (1310749)

        I just have the following AdBlock Plus rules...

        facebook.com$third-party,~domain=fbcdn.net
        fbcdn.net$third-party,~domain=facebook.com

    • Yes you can. You can have both of them.
      It will lead you to another bit of malware. Best not click on anything.

      Ever. At all. Never again. version 2.3.this.time.'it's'.personal
    • Re:Dislike (Score:5, Funny)

      by Yvan256 (722131) on Monday August 16, 2010 @10:13AM (#33263132) Homepage Journal

      Actually, I think I'll take a 'Tactical Nuclear Strike' button instead, now that I think of it.

      Unable to comply. Ghost Academy required.

      • Re: (Score:3, Informative)

        by Anonymous Coward

        No, it's a Science Facility with Covert Ops, and a Nuclear Silo attached to your Command Center. ...whaddya mean, "There's a second one."?

    • I believe the hotkey is "N"

  • And? (Score:5, Insightful)

    by meisenst (104896) on Monday August 16, 2010 @09:57AM (#33262982) Homepage

    This is not new news, really. There is always some scam going around that takes advantage of the inability of most users to distinguish untrusted content from trusted content, not to mention the people who click Yes to every pop-up without understanding what they've just done.

    Facebook is a gold mine for scams like this. There are way too many people using the site that don't care about the dangers. Apathy and ignorance are best ways to spread this kind of thing, and they are found aplenty in any social networking crowd, at least when it comes to the technology behind the social aspect.

    • Re:And? (Score:5, Interesting)

      by Securityemo (1407943) on Monday August 16, 2010 @10:12AM (#33263116) Journal
      It's not that they don't care, it's that they can't percieve what's real content and not - because they don't have a model of the underlying structure beyond the surface of the content.
      • Well said, and explains the entire reason behind these scams (also pretty much explains every situation in which someone gets taken advantage of in an area they know little about). The real question now is what to do about it.
    • Re:And? (Score:4, Interesting)

      by jeffmeden (135043) on Monday August 16, 2010 @10:15AM (#33263148) Homepage Journal

      This one gets bonus points for spreading by appealing to the dark side of human nature with their offer of a new and exciting way to threadcrap. As if random popup ads don't snare enough people, now they are out there with an appealing product (at face value anyway) that users have to actively resist. Just when the idea of Facebook itself as a scam was gaining traction, now we have this shit-sandwich-deep-fried-in-vomit craze sweeping the 'tubes. The internet is doomed!

    • by siddesu (698447)

      And - here's the real moral of the story:

      If your users request a feature often and with a passion, you either give it to them, or someone else does :D

    • by mcgrew (92797) *

      Apathy and ignorance are best ways to spread this kind of thing

      Q: What's the difference between apathy and ignorance?
      A: I don't know and I don't care!

  • I dislike (Score:1, Insightful)

    by Anonymous Coward

    everyone of you jerks who beat me to the coveted 'first post'. I dislike you all, a lot.

  • In other news (Score:5, Insightful)

    by should_be_linear (779431) on Monday August 16, 2010 @09:59AM (#33262996)
    3295671st variation of "I love you" malware appeared online affecting mostly dumb BFUs.
  • by phormalitize (1748504) on Monday August 16, 2010 @10:08AM (#33263060) Journal
    is that this sort of thing happens as infrequently as it does - this type of baiting is so effective and requires such a small amount of effort by the scammers.
  • This is everything on facebook. All the "find out what Brady bunch character you are" polls exist only to gain access to your account. Even farmville is just a clever trick to lire users in with a game. Then it spans you and makes money from offers and by directly asking you for money.

    Hell, even facebook itself is just a moneymaking ruse cleverly designed as a way to keep in touch with friends while it gains all your personal info. .
  • by Securityemo (1407943) on Monday August 16, 2010 @10:17AM (#33263174) Journal
    I can't really understand the loathing most people here display for facebook. Or rather, I do, but it seems like people loathe the basic idea of a "IRL overlay" social web? As long as you know enough people who use it, it's great for coordinating IRL activities like parties, birthdays, the nicer kind of activism, etc...
    • by arkane1234 (457605) on Monday August 16, 2010 @11:36AM (#33264184) Journal

      it's great for coordinating IRL activities like parties, birthdays, the nicer kind of activism, etc...

      So was MySpace, your point?
      Most of the hate about Facebook is that they are hypocritical and do not care about the values of humans. They will lie to you to get you to post private data up, make it appear as of your privatizing it, then make it so it's public. They'll also harvest (farm? data mine?) information and sell it.
      Other than that, they're great. Uh huh.

  • Make it a game. Every one of those apps (with a few exceptions) are just spam. You can block them by clicking on the "posted by 'stupid app'" then on the apps page click on "block application".

    Word on the street is there exists a firefox addin that does this for you--but I have never bothered to find it.

    • by Culture20 (968837)

      Make it a game. Every one of those apps (with a few exceptions) are just spam. You can block them by clicking on the "posted by 'stupid app'" then on the apps page click on "block application".

      A couple years ago, I found a list of the most popular facebook apps and ran a script with wgets to block them all for me. My FB account has thousands of blocked apps (and yes, there is a limit in their DB to how many you can block, which is kind of annoying as I've hit that limit).

  • Facebook (Score:4, Interesting)

    by sheehaje (240093) on Monday August 16, 2010 @10:23AM (#33263278)

    Facebook is one of the most useful applications ever on the Internet. Love it or hate it, it connects people and their media. It's social networking on a grand scale.

    With that said, to use one of the greatest applications ever, you must compromise your privacy and security. That's how good Facebook is, no matter how bad the bad is, people keep using it.

    I've thought of emptying my profile several times, and just providing a link to a personal web site. I don't want to delete my account totally, there are still people that I want to keep in contact with that aren't really computer savvy, but know how to use Facebook. I also have a MyBand page for, well, my band. Very useful for letting people know when our shows will be, as well as a great way to connect to our fans.

    I have enough experience with computers (30+ years) to know the scams when I see them. I have never gotten malware/spyware from an online social site. The one thing I do give up is a bit of my privacy. Not that I'm too worried about all the boogie men out there (although I will be more fearful when my kids are old enough to be on it). I do however sometimes feel like George Costanza on Seinfeld where his worlds were colliding. I don't always want to mix personal and business lives, but it seems to happen on Facebook.

    I guess for now, I take the bad with the good and vice versa. I'm too lazy to change the world myself, so I'll leave it to the next visionaries to build a better Facebook and one that is just as popular.

    • Re: (Score:3, Funny)

      by mujadaddy (1238164)

      I have never gotten malware/spyware from an online social site.

      Yeah, porn is how they got me, too.

    • Re: (Score:2, Troll)

      I have never gotten malware/spyware from an online social site.

      Or so you think. It could be that you have caught one of the ~50% of unknown viruses out there via a mere flash/java exploit... and a good one, you'd never know.
      • Re: (Score:3, Insightful)

        by sheehaje (240093)

        I have never gotten malware/spyware from an online social site.

        Or so you think. It could be that you have caught one of the ~50% of unknown viruses out there via a mere flash/java exploit... and a good one, you'd never know.

        Reminds me of the old adage that if you want computer security, unplug the network cable and disable all removable drives.

    • by Timmmm (636430)

      With that said, to use one of the greatest applications ever, you must compromise your privacy and security

      Must? It didn't used to be like this. Back in 2005ish before they added apps, Facebook Connect and so on, it was perfectly secure. In fact, that's why people used it.

      Most people only put their photos and personal details on there because it was impossible for anyone other than your friends to see them. That's more or less still the case, but now any of your friends can fuck up and allow stupid apps access to your stuff.

    • Re: (Score:2, Insightful)

      by arkane1234 (457605)

      I'll admit it's handy, but the most useful? I actually laughed out loud when I read that.
      It's just a website with people inserting data, and you get to search and read it. There are also "applications" that you can use, but they are basically wastes of time IMHO. In the end, it's a pretty version of MySpace.... only without the hiphop & latino gangsta bullshit.

      There is no "most useful" application ever on the Internet. That term always is subjective, as I consider google mail to be the most useful,

  • It looks like a regular waste of time (which, by definition, is the point of all facebook activities, right?).

    Now, there may indeed be a more nefarious info-gathering subtext to this, but otherwise it looks like it posts that you like this app (which many do), that you fill out a survey (which is what lots of people do on FB, based on many of my friends' status updates), and it sends you to a FF add-on.

    This sounds like everything else on FaceBook...I'm waiting for the "then is steals your children and sells

  • by edmicman (830206) on Monday August 16, 2010 @10:46AM (#33263560) Homepage Journal
    oblig. "I'm too cool for Facebook, and anyone who uses it is Teh Stoopid". post. In fact, I'm so indie I only use websites that don't exist yet that no one else uses, either. And I don't communicate with anyone or anything via the Internet, I only passively consume it. Yay!
  • by DamienNightbane (768702) on Monday August 16, 2010 @11:16AM (#33263946)
    The bottom line is that this scam wouldn't be possible if Facebook had implemented a real dislike button years ago when people demanded one.
  • I've been seeing a lot of posts saying "[Name] likes [platitude] on ." from people who would probably never post [platitude]. Things like "Clarence likes “I don't have a temper problem, everyone else needs to stop pissing me off” on ." I'm afraid to click either the platitude or the heart, but I can't really find any evidence about what the hell is going on.

    • by Bambi Dee (611786)
      From what I've gathered, the "heart" website (I already forgot the name) shows user-generated "platitudes" along with a Facebook "like" feature so people can "like" random bad-assy phrases on their Facebook profiles. It doesn't seem malevolent, though I won't vouch for that.
    • I'm afraid to click either the platitude or the heart, but I can't really find any evidence about what the hell is going on.

      See that “Like” button underneath the post? Go ahead, click it. It won’t hurt you... honest. (It just perpetuates the spam, is all.)

  • FACEBOOK IS A SCAM.

    They exist to derive value from your information. Friends, addresses, posts, even images.

    That the scammers also sell you to other scammers should not be surprising.

    So give Facebook only what you are willing to part with.

    Ok?

  • by Aphoxema (1088507) on Monday August 16, 2010 @12:30PM (#33264808) Homepage Journal

    It's "stories" like this that make me wonder if people are trying to use Slashdot to get experienced people to do something about it so they don't have to.

  • I run Facebook with almost everything turned off. And Flash with almost everything turned off. And Firefox with the privacy settings on high.

    About half of sites with video won't play. Other sites produce errors because their Flash cookies won't work. YouTube's "Press ESC to exit full screen mode" message stays up forever. (I suspect YouTube does that just to keep people from running with high privacy settings.)

    It's interesting to see who's evil, but somewhat annoying. Still, for every site that's

  • Can somebody explain this? I don't think anybody can integrate any bit of code into Facebook.

Life. Don't talk to me about life. - Marvin the Paranoid Anroid

Working...