A friend complained on facebook today about an application called PicDoodle that she had installed.
It was supposed to give her a way of drawing fancy things on images and share that fun with her friends.
Instead, she got one of her images with a roughly scrawled heart on the corner and it automatically has been taking names from her friends list and "tagging" the image with their names.
When one of those friends goes to see what they've been tagged in, you end up being told that to see the real fun you have to install PicDoodle too, after installing PicDoodle you apparently don't see anything different but you now have a picDoodle post that starts tagging your friends to get them to install PicDoodle.
So, from what I can find out and from what I've seen so far I can only assume that PicDoodle is essentially a virus, or Trojan horse. It exists to mine the data in your account and share it with whoever wrote the application.
Does this make picDoodle the first successful example of a data-mining privacy violating virus hiding itself as a fun facebook app?
from what I can find, it's the perfect example of why I never allow apps access to my account, no quizzes, no superpokes, no steal my friends list to con them into installing an app that will steal their friends list to con them...
If you're on facebook, go to http://www.facebook.com/apps/application.php?id=35731868204 to block the application from ever accessing your data.
follow-up
info on how to uninstall PicDoodle can be found here http://www.facebook.com/group.php?gid=76716075179
It might be a virus, it might just be a "mistake" as the press release circulating from the folks that made the application says, as they move as fast as possible trying to cover their asses. My vote is still for malicious over mistake. but either way it's a dangerous app that should be avoided
[second update]
I think this is the best summary of the issue I've read so far PicDoodle virus shows Facebook’s true colors
picDoodles
I am already very sick of this and it's misleading info. Why can't face book get the clue and block crap that harasses us or is outright FAKE!
Not the first
I've seen a number of similarly annoying applications. For example, for a while it was common for an application to require you to invite some number of your friends to also use the application before you could begin to use it yourself. Periodically, after public outcry, specific strategies have become banned. But it's still Facebook that sets the terms; another example of the drawbacks of a private corner of the internet managed by and for one corporation. My favourite analogy to explain this to non-technical friends is that Facebook is to the internet what the food court of a shopping mall is to a public park -- at first it looks like public space but if you interfere with the owner's profit motive, you won't be there long.
Bad Face Book App
One of my colleagues installed the PicDoodle Application, and saw similar results. It started tagging random people to random pictures. I don't possess a technical background, but I would assume Facebook slipped up on letting this application through their moderation process. I've heard of people's accounts being hacked because users input private data on sites that look like a link they clicked...but to allow a malicious app through the moderation process is on Facebook.
Frank Brown
Immigration lawyer
Seattle, WA
Thanks for the great tips. I
Thanks for the great tips. I am using facebook for quite a long time but I had never met anything like this. I don't understand why people are doing those things. I mean why they are creating those Trojan horses and viruses? I know that they can steal a valuable information from your computer using Trojans, for example your bank or credit card information. But what is the point of those Trojans in facebook? To get my account information? And what they will do with that information, I can't get it at all. But unfortunately there exists such dummies.. Thanks one more time for the great tip, I will be more careful in my facebook account after reading it. Oh and I will be looking forward to other great articles from you in the future.
Sincerely,
Kevin Tillson (from application development services)