FYI...

Rogue Facebook app propagates via users
- http://securitylabs.websense.com/con...logs/3563.aspx
02.26.2010 - "The latest scam targeted at Facebook users hit the public today. The rogue app, which comes in many variants of "Who is checking your profile?", has improved its technique beyond the previous attacks we've seen. Rather than spreading a single app that Facebook can easily block, it tricks users into propagating the exploit by creating a brand new Facebook application that hands over the controls to the bad guys. The attack starts with a friend, whom you trust, posting a link on your wall, asking you who is checking your profile. It also entices you by telling you that your friend is viewing your profile. The draw itself has been around for a long time, and the idea of being able to tell which users have looked at your profile is an attractive proposition. But Facebook policy and the API itself prevent this capability, which means that all applications that promise this feature are bogus... The most important thing for Facebook users to remember is that clicking “Allow” authorizes an application, and by doing so you are giving it the proverbial “keys to the kingdom.” Do not add any applications that you do not trust..."

(More detail and screenshots at the Websense URL above.)