|Forum topic by Douglas Bordner||posted 03-25-2009 06:58 AM||2147 views||0 times favorited||18 replies|
03-25-2009 06:58 AM
Just a heads up to fellow Lumberjocks that also spend time on Facebook that one of the applications – ”Picdoodle” appears to be a phishing expedition or a least has hit upon a novel way to spread itself across that site.
The application allows a person to draw or doodle over jpeg images in one’s albums. You supposedly need to allow the application access to your information in order for you to view any posted “picdoodle”. I should have suspected something afoot just from that aspect alone. A legitimate application could certainly save the doodled image as a regular jpeg – accessible as all other images in your own or a friends album are currently – click the link-view the image.
After allowing said access, so that I could view someone else’s post, one of my photos was doodled with three exclamation marks in the upper left corner, was posted with this supposed quote “I love this sweet pic” under my by-line, and a new album with this image was created under my account. Then all my friends were sent a notification that they had been tagged in the photo. In point of fact I never doodled the image, created the album nor did I tag anyone. The picture was of myself and one other person.
Obviously this is a bot attack aimed at account mining or at least proliferating itself much as virus would. I will subsequently not be playing with any of the Facebook toys that require access to my account info, friend lists or contact information in order to work. Judging from at least one other comment recently posted on Facebook, I believe there are other applications that behave in this or similar ways with less than happy outcomes. BE WARY.
-- "Bordnerizing" perfectly good lumber for over a decade.