Researchers at Foundation for Research and Technology in Heraklion, Greece – that hotbed of Facebook research – have created a small Facebook application that causes a DDOS on a certain website. The application masquerades as a “picture of the day” app and shows an image from National Geographic. When someone clicks on it, however, it makes a request to a victim’s website, ultimately pulling down about 248 gigabytes of malicious data a day and essentially shutting down the server.
Obviously this application needs a perfect storm to be useful: you need to have a target and create a popular enough application that would encourage multiple installs. While one or two clicks won’t take down a site, the entire population of Facebook clicking on something definitely could.
The researchers wrote about the application in a detailed paper [PDF] and, by extrapolation, were able to tell how hard they could hit target servers provided, of course, the application was as popular as Super Wall or Bumper Sticker. They also recommend shoring up Facebook’s API to prevent this sort of mischief in the future.