Hacked Facebook Applications Install Fake Antivirus Software
Roger Thompson, Chief Research Officer, AVG, has recently disclosed that many games and other applications made to be used on Facebbok.com have been attacked for silently sending users to websites that try to download harmful programs, as per the news by THE WASHINGTON POST on October 15, 2009.
Thompson adds that though hijacked Facebook accounts are not odd, but "this is the first time when Facebook applications have been targeted", as per the reports by SFGATE on October 14, 2009.
The security company traced back many hacked Facebook applications to a Russian website. This site seems to be exploiting hacked applications to initiate attacks against users' systems by exploiting unpatched Adobe software vulnerabilities, said Thompson.
Thompson has also discovered that these referrals are coming from a Facebook application known as "City Fire Department", a game where several players reply to emergency calls. The application has been modified to deliver an iframe, a method to bring content from one website to another.
The attack uses an Adobe exploit. If the users' computers are not patched, then it downloads the exploit first (rogue antispyware but possibly a Trojan).
Thompson states in a blog post that apart from "City Fire Department", other hacked Facebook applications include - MyGirlySpace, Ferraritone, Mashpro, Mynameis, Pass-it-on, Fillinthe and Aquariumlife.
AVG has told Facebook about the discoveries but he (Thompson) notes that it is hard to recognize who maintains each of the Facebook applications.
Simon Axton, Facebook Spokesman, said that their officials responded quickly to the news of hacked apps on servers.
However, attacks like this remind how important it is to update third-party software with the new security patches. For instance, on October 13, 2009, Adobe released a latest version of Adobe Acrobat and its free PDF Reader application that has the capacity to fix around 29 patches in the programs, including the one that is already targeted by hackers.
Related article: Hacked Mall Websites Leave Little Impact on Business
» SPAMfighter News - 31-10-2009