Security firm Fortinet has warned that Facebook users face certain disappointment and possible spyware if they attempt to discover who sent them a "Secret Crush" application invite.
Recipients of the Secret Crush invitation are lured to install the application by the promise of finding the so-called sender's identity, which the application hints it will only divulge once the recipient accepts the terms and conditions -- giving the developer access to personal information -- and then invites five friends to install the application as well.
After following the procedures, rather than discovering the identity of the sender, the recipient merely installs a horoscope-based "Crush Calculator" application, which delivers advice on the compatibility of different users that have installed the application.
However, Fortinet's claims of improper behaviour centre on the alleged surreptitiously-installed spyware that is packaged with the application by adware company, Zango.
Want to know more?
For all the latest news, analysis and opinion on security, click here
However Zango denies Fortinet's claims, saying it is a victim of circumstance since its iFrame ad became associated with the Secret Crush application due to a third-party advertising partner, which set Zango's ad to appear on Facebook when a user installs the "Secret Crush" application -- a practice Zango claims is "completely legitimate".
"At no point in adding the Secret Crush widget to a Facebook profile does the widget install either spyware or Zango software, or even attempt to do so. Any suggestion that Zango software is being 'secretly installed' is simply not true," Zango claimed on its blog.
"Moreover, our general security monitoring of the Zango network has shown no abnormal increase in installations -- something we would have seen based on the reported usage numbers of the Secret Crush widget," it added. Following initial warnings of the application, Secret Crush was renamed to My Admirer and subsequently disabled.
Fortinet estimates that around three percent of Facebook users currently have the Secret Crush widget installed.
CNET News.com's Robert Vamosi contributed to this report
when i clicked on the link it provided on facebook, it asked me to give it my phone no. to receive an sms , supposingly telling me who has the crush on me with some tips ( which was totally nonsense! ), of course they no friend of mine! and it charges A$6.60/sms !! and you had to send "stop" to stop it. I ended up receiving 4 sms and it added $27.4 to my phone bill this month as a "Premium SMS service" !!!!!!!!!!!!