Sep 13

Quite a few people have emailed me asking what I thought about the Facebot application that was recently released. The paper is located here. Basically, a group of people created an application that they published on Facebook that did click fraud. They hijacked simple requests through an application called Photo of the Day using HTML IMG tags. You know, the same thing we did on MySpace without even having to create an application; however, we had OpenSocial applications that did the same thing, and a little worse ;)

They said they did it to prove you could turn a social network into a botnet. You know, the same thing that we already talked about and demonstrated at both Black Hat and Defcon this year. As a matter of fact, a copy of our presentation can be obtained here: Satan_Blackhat_Defcon

The title of their paper is “Antisocial Networks: Turning a Social Network into a Botnet”. The title of our HOPE presentation that we had to back out of was “Antisocial Networking: Vulnerabilities in Social Nets”. You can see this here from back in June. I am not quite sure what to think about all this; I guess it could all be coincidence. Like I said, I don’t know.

Now, on Facebook, the way you would have to go about turning their users into a botnet is by creating an application. Facebook doesn’t allow linking to offsite content the way MySpace does. So if you want to use img tags, meta tags, and iframe tags, you would have to use them in an application that you created.
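As an added example (not from the original post or the paper it discusses), here is how a platform reviewer might audit application markup for the tags named above, flagging img, iframe and meta-refresh targets whose host is outside an allowlist. The `audit` function, the allowlist and the sample markup with its `.example` hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that make the viewer's browser issue a request with no user action.
AUTO_FETCH = {"img": "src", "iframe": "src"}

class OffsiteAudit(HTMLParser):
    """Collect auto-loading tags whose target host is outside an allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (tag, host, url)

    def _check(self, tag, url):
        host = (urlparse(url.strip()).hostname or "").lower()
        # Relative URLs have no host and stay on the serving origin.
        if host and not any(host == a or host.endswith("." + a) for a in self.allowed):
            self.findings.append((tag, host, url.strip()))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in AUTO_FETCH and a.get(AUTO_FETCH[tag]):
            self._check(tag, a[AUTO_FETCH[tag]])
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "5; url=http://host/path"
            _, _, target = a.get("content", "").partition(";")
            key, _, url = target.strip().partition("=")
            if key.strip().lower() == "url" and url:
                self._check("meta-refresh", url.strip("'\" "))

def audit(markup, allowed_hosts):
    parser = OffsiteAudit(allowed_hosts)
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample markup (all hosts are placeholders).
SAMPLE = """
<img src="/static/photo.jpg">
<img src="http://cdn.app.example/today.jpg">
<img src="http://offsite.example/page?x=1" width="0" height="0">
<iframe src="//other.example/frame"></iframe>
<meta http-equiv="refresh" content="0; url=http://third.example/">
"""

if __name__ == "__main__":
    for tag, host, url in audit(SAMPLE, ["app.example"]):
        print(f"{tag:13} {host:16} {url}")
```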

So, my impression is: yup, everything we talked about at Black Hat and Defcon. It’s old news; not sure why anyone is making a big deal or even writing about it.
