Malicious hackers are setting up malware-infested Web sites that falsely claim to remove a virus from a new Facebook application called Fan Check, security vendor Sophos is warning.
The scammers are trying to capitalize on the concern that many Facebook members have about the application. At this point it's unclear whether it's problematic itself or not.
But as Facebook members use popular search engines to find antivirus information about Fan Check, they are getting results that point to sites that can infect their computers with malware.
"The phrase 'Facebook Fan Check Virus' is currently a hot trending topic on Google, with many net users searching for information. However, hackers have set up websites pretending to be about the 'Facebook Fan Check Virus,' but which really host fake anti-virus software which display bogus warnings about the security of your computer in an attempt to get you to install fraudulent software and cough-up your credit card details," Graham Cluley, a senior technology consultant at Sophos, wrote on Monday in his blog.
Sophos hasn't been able to determine yet whether Fan Check is malicious in nature, because when Cluley tried to install it, he got a message saying that the application is being upgraded and isn't online at the moment.
Facebook has been reviewing the application and as far as the company can tell, Fan Check isn't spreading any viruses, Facebook spokesman Simon Axten said via e-mail.
Axten also confirmed Sophos' findings that malicious hackers are capitalizing on the rumors that Fan Check infects PCs with viruses in order to trick Facebook members to visit malware sites.
An informal review among some IDG News Service staffers who have received Fan Check notifications in recent days suggests the application may be offline because it may have engaged in practices to market itself that Facebook frowns upon or outright forbids.
For example, Facebook members seem to get tagged in a Fan Check album of some sort without their permission and without even having installed the application. That photo-tagging action is then broadcast to their friends' profiles via a thumbnail image titled "Fan Check Photos" with a message saying that the person in question has been tagged. This would appear to be a type of deceitful and spammy notification strategy that Facebook has tried to clamp down on because it annoys and confuses its members.
Axten said the decision to take the application offline was made by Fan Check's developer. Facebook hasn't had a chance to do a full investigation on the way the application sends notifications to users because that functionality was added shortly before the developer took down the application, he said.
The Fan Check page on Facebook reveals that it has been reviewed almost 6,000 times, receiving a low average rating of 1.7 stars out of a possible 5 stars. It has more than 12.5 million monthly active users and was formerly known as Stalker Check, a name that had to be changed to comply with a Facebook rule.
There are also many messages in the application's page from Facebook members claiming that the application disrupted their Facebook profiles and their PCs as well, with some people wondering whether the application itself is some sort of malware.
A link in the page to contact Fan Check's developer doesn't appear to be working.
Fan Check is designed to calculate how much one's Facebook friends openly and actively interact with one's profile through actions like writing on one's Wall or commenting on photos, to determine how big of a "fan" -- or previously "stalker" -- your different friends are of you.
What it doesn't do is let Facebook members know who has silently visited their profiles and looked at their photos and other content, because Facebook specifically forbids this type of passive browsing information from being gathered.
How the application describes what it does is one of the main issues that Facebook has raised with the Fan Check developer, Axten said.
"Applications that claim to track profile visits, for example, are a violation of our Platform Guidelines, and we wanted to make sure the application wasn't doing this," Axten said.