Update: Facebook responds to malware attacks.

Facebook malware attacks to date have largely consisted of getting user credentials via phishing sites and then spreading spam and additional phishing attempts. But a new worm is disseminating through Facebook that aims to install trojan software on a user’s machine.

The worm spreads when a compromised user’s account is used to send message to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called “codecsetup.exe.” We didn’t go so far as to install the software, but our guess is that it zombies your computer, installs a keylogger, and other fun stuff.

A nasty feature of the worm is that it takes the profile picture of the sending infected user and adds it to the linked website. This makes it all look much more legitimate for the potential victim. Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack. There’s little Facebook can do other than attempt to filter out the landing website in messages.

Screen shots below.

• Sphere It
• 

Israeli startup TuneWiki has come a long way.

Soon after the iPhone’s launch, the company released an application that allowed users to view highly-accurate lyrics synced karaoke style to any song stored in their music library. But because there was no App Store at the time, TuneWiki was limited to users with jailbroken (hacked) iPhones. Despite this, the application has racked up over 1.2 million downloads since its launch - a number competitive with those seen by the most popular Apple sanctioned apps. The company raised a funding round from Benchmark Capital’s Israel fund.

And now, after nearly a year of developing a Karaokee-like music program for hacked iPhones, the company has developed an application that stands a good chance at becoming the standard media player on Google’s forthcoming Android platform.

At first glance, the Android version of TuneWiki has more than a little in common with the iPhone’s default media player (except with a black color scheme). Songs are sorted into spartan but easy to navigate lists, and playing a song displays its album art alongside standard playback controls. The player integrates TuneWiki’s extensive database of lyrics, which are played karaoke-style alongside your songs (lyrics are pulled from a user-modified database). There’s also support for YouTube videos - if you search for a song you don’t have, the player will automatically take you to the YouTube version, which also support synced lyrics.

Perhaps most exciting is TuneWiki’s integration with location services. Because the player can optionally tell TuneWiki’s servers what song you’re listening to, it can offer an interactive map that displays musical tastes across the world. This could be a huge hit on college campuses, where breakthrough artists tend to be discovered first. It’s also fun to find people in Dubai who listen to Kelly Clarkson (see the video below).

One of the most key features to the iPhone’s success is its ability to sync seamlessly with a user’s media library through iTunes. TuneWiki recognizes this, and is doing everything it can to make syncing as painless as possible. The company will be offering plugins for iTunes, Windows Media Player, and Songbird, and will also feature support for wireless syncing across Bluetooth or Wi-fi.

Some of these features are already offered on the jailbroken iPhone app, but the Android version is clearly TuneWiki’s focus, and for good reason. The company is one of fifty finalists in Google’s Android Developer Challenge, and has received extensive support from Google and a number of other companies during development.

Android is an open platform, which means users (or at least device manufacturers) will be able to install whatever media player they want onto the phones. Despite this freedom, there will probably be one or two media players that emerge as the platform standards. TuneWiki has positioned itself to become one of these, with features that go above and beyond those found on the iPhone, and a focus on keeping things as simple as possible.

Here’s a demo video we took on the app running on the Android emulator:

• Sphere It
• 

Facebook will announce later today that it is adding a “Features” tab to the “Insights” area of the application management page.

The new tab will give developers a greater range of statistics on application usage, including the number of canvas page views, clicks on profile boxes, confirmations of feed forms, and additions and removals of bookmarks (which have replaced application installations). Developers will be able to graph changes to these statistics over time and compare how daily counts fluctuate within particular time periods.

The Palo Alto-based social network claims to be adding this new tab in response to developers’ requests for more insight into how users are actually using their applications.

• Sphere It
• 

According to the Brazilian news magazine Exame, Google has made Brazil the center of its Latin American operations, placing former country director Alexandre Hohagen at the helm.

Google is understood to have chosen Brazil for its superior regional performance. While the Mountain View, California-based search giant doesn’t comment on regional numbers, the article claims that Brazil is Google’s fastest growing market (hard to verify, but it’s certainly one of the fastest growing), generating an estimated $500 million per year in revenues. This is all the more impressive considering the Brazilian office was opened just three years ago and has only 200 employees.

The decision to run Latin American operations from Brazil comes soon after another decision to move all development and management of Orkut to that country, with most of the engineering in the city of Belo Horizonte. Orkut is Google’s social network, which enjoys most of its popularity in Brazil and India.

Brazil is also said to have the second largest number of Gmail accounts, perhaps because of the popularity of Orkut. Google’s biggest white labeled Gmail customer may also be in Brazil: iG, a portal with over 9 million accounts.

Google is still in the process of replacing Hohagen with a new country director for Brazil.

• Sphere It
• 

Glam Media loves to tout its comScore numbers, and uses them to claim it is the largest collection of women’s sites in the world. And that’s true when you count all of the affiliate sites Glam does not own or operate that it sells advertising for. That’s Glam’s entire business model: sign up sites that appeal to women, and sell ads across the entire network. In June, that network reached 76.9 million people worldwide, which was flat with May (77.4 million), but much bigger than rival iVillage’s women’s network (27.6 million).

But apparently, reaching 77 million people a month is not enough. Glam is now trying to strong-arm its affiliates into placing the Glam logo on every page of their site, because that is how comScore counts traffic and visitor stats for the Glam Network. In its August newsletter to affiliates, Glam is claiming that affiliates agreed to place the Glam logo on their sites as part of contract they clicked on when they signed up. This is news to at least one affiliate, who forwarded the newsletter to us. It presents this claim almost innocuously as a “Question of the Month.” Here’s an excerpt (I’ve bolded parts for emphasis):

Read the rest of this entry »

• Sphere It
• 

Twitterfone launched in May to let Twitter users post new messages by calling in to a phone number and speaking out what they want to say. The service then converts the message to text and posts it to your Twitter account along with a link to the audio file. Here’s a test message I created at the launch. The service is a great way to leave a quick Twitter message when you’re away from your computer and only have access to a phone - the service offers local number in 19 countries and is expanding regularly. The company says 20,000 people have signed up for the service since launch.

Today Twitterfone will start converting your Twitter messages to audio, too, giving users a full audio interface to the service. As of today, when you call Twitterfone the service offers to let you record a new message, listen to messages from your friends, and reply to messages publicly or privately. Users can listen to the first ten messages.

For now, only English is supported, but Japanese is next up. The service is free and will remain so for the foreseeable future.

If you are a Twitterer, you’re gonna love this. Below is a quick demo video I did via Qik that shows the functionality.

• Sphere It
• 

Yahoo’s Search Blog has posted a list of some of the most promising new web apps being built using its BOSS search platform. BOSS is a radically open API that launched last month that allows developers to utilize much of Yahoo’s core search data without the restrictions seen on most other search APIs.

4HourSearch - A week ago Yahoo VP of Platforms Sam Pullara released Yuil, a search engine that looked nearly exactly like recently launched (and overhyped) Cuil, but powered by Yahoo’s BOSS. The search engine actually managed to produce better results than Cuil by many accounts, but it was not to be - lawyers stepped in and Yuil was taken down only hours after it first went up. Pullara ripped the guts out of of Yuil and redid the layout to be less tempting to DMCA-hungry lawyers, leaving us with 4HourSearch (which was apparently created in 4 hours).

NewsLine - Dipity has combined BOSS with the Daylife news API to create NewsLine, an interactive timeline that places news events in chronilogical order. The result works surprisingly well, especially for current events. Earlier this year Dipity released TimeTube, a similar mashup that displays YouTube videos across a timeline. We covered TimeTube here.

You can find more mashups and details at the original blog post here

• Sphere It
• 

The dog days of August lend themselves to kicking back and letting the world slide by. Since the advent of the Web 2.0 ecosystem, they’ve also been the province of a tech company version of the summer shows the networks play off - failed pilots, reality programming being tried out for the Big Show or another writer’s strike, and ratings stinkers that can be buried outside of Sweeps months.

But the DVR has changed everything, in the process eliminating the notion of special sweeps periods and the upfronts where the new season is hawked. Instead, every day is Premiere Month, with the quality of the audience becoming a function of its trackability. The more that you can see the gestures of the audience in real time, the less you need to attract their attention and the more you can market it to the advertisers. In that context, a show played back is no longer a second class citizen; instead the metadata about when you played it back and what was going on at that time form a more powerful indicator of intent, and the common signature of like-minded users a highly valued target.

In fact, television and music content have become more like software than they are different, and the release of the iPhone App Store is a significant new platform for the intersection of what formerly were seen as two different products.

What kinds of programming will emerge? Perhaps a kind of reality show with mobile devices, where contestants roam the real world and use their phones as transaction wands to indicate their interest (or lack of it) in products, events, personalities, and so on. Team behavior is aggregated and mined by matching demographic profiles with reactions to produce “answers” to questions about news of the day, topic swarms on Twitter or other social networks, the race for the White House.

In effect, a new hyper reality show becomes possible, where the App Store is the gateway for an Adsense-like version of Big Brother that leaves the house and breaks out into the virtual community. The device and bandwidth is subsidized by the show, so that Apple can turn on the video aspects of the phone to produce footage, and the community could even be encouraged to provide production support for cataloging and editing the show together via the app and the phone.

Read the full rant on TechCrunchIT

• Sphere It
• 

As part of the ongoing integration of its DoubleClick acquisition (yesterday it sold off Performics), Google will be placing an additional DoubleClick cookie on the browsers of everyone who visits a site that is part of Google’s current AdSense network. This will allow Google to more easily serve up display ads from DoubleClick across that network of sites. It will also allow it to introduce some basic improvements such as frequency capping (letting advertisers limit how many times the same person sees the same ad), and better reporting and conversion data.

All of that is great for advertisers and great for Google, which will be able to leverage its vast, existing Adsense network to push more display ads as well. This is what scares the hell out of Microsoft and Yahoo, and was the prime impetus for Microsoft seriously getting into the online ad business in the first place with its acquisition of aQuantive last year and its attempts to buy Yahoo this year.

For consumers, it means even more cookies on their browsers and more attempts to target ads to them. From the Google Blog:

We are enabling this functionality by implementing a DoubleClick ad-serving cookie across the Google content network. Using the DoubleClick cookie means that DoubleClick advertisers and publishers don’t have to make any changes on their websites as we continue our integration efforts and offer additional enhancements.

On the bright side, for those who of you who have enough cookies on your browser, Google is letting you opt out of cookies for both AdSense and DoubleClick ads with one click.

Clarification: If you already have a DoubleClick cookie on your browser, and you probably do, then you won’t get a new one. That one will just work with Google’s ad network. And Google’s ad network has been able to serve display ads from DoubleClick and others since May, but this strengthens that capability with respect to DoubleClick ads in particular.

(Flickr photo by scubadive67).

• Sphere It
• 

Regator, the blog aggregator that acts like a mix between a standard RSS reader and Digg, has launched in public beta.

We initially covered Regator in July when the site launched in a limited private beta. At the time my biggest concern was the inability to add your own RSS feeds to the site, which restricted you to the approximately 3,000 blogs handpicked by Regator. CEO Scott Lockhart says that the site has been updated to allow users to upload their own feeds, but these won’t be visible to other users until they have been approved by Regator’s editors.

The site has also expanded on its sharing functionality to include Twitter and Facebook, with plans to introduce further integration with social networking sites in the future. There are a number of similar sites that combine news aggregation with social voting, including Socialmedian, which we covered last week.

• Sphere It
•