Hacked Facebook Apps Lead to Fake Antivirus Software

New applications are turning up on Facebook. Unfortunately, some of them are fake antivirus programs.

While researching Web sites that host malicious software, Roger Thompson, chief research officer of software security company AVG, noticed something funny. A Russian Web site known for hosting malware was getting lots of referrals from Facebook.

On further investigation, Thompson found the referrals were coming from a Facebook application called "City Fire Department," a game where multiple players respond to emergency calls. The application had been modified to deliver an iframe, which is a way to bring content from one Web site into another.

The iframe serves up code that tries to exploit vulnerabilities in a PC's software. If it finds one -- a process that happens nearly instantly -- it then downloads a fake antivirus program called Antivirus Pro 2010. Thompson posted screenshots on AVG's blog.

Bogus antivirus programs have been around for a long time, but they've become an increasing nuisance this year as those who create them seemed to have stepped up their game. When installed on computers, the programs nag users to buy them. The applications, which can cost upwards of US$60, are generally useless against real security threats.

Thompson thought the people who wrote City Fire Department might be behind the scam. But the malicious code was actually hosted on Facebook, which led Thompson to theorize that the developers of City Fire Department inadvertently had their Facebook passwords obtained by a hacker, after which the application was modified.

The password credentials could have been compromised through a phishing scam, or a developer's PC could have been hacked. City Fire Department's developers acknowledged a problem on Facebook on Thursday.

"The application has been taken offline until we can resolve all issues," according to the post. "We understand the frustration some users are feeling, and we will update with a timeline as soon as we can. Obviously, we would rather have a properly functioning game running instead of a half-working game."

Facebook has been notified. The social-networking site "certainly takes security seriously, and they respond very quickly but the stuff that comes out of left field is hard to defend against," Thompson said.

Three or four other applications had also been modified, Thompson said. Facebook can deactivate the applications until they are cleaned up. The situation also poses a danger to enterprises, who may allow their users access to Facebook through their firewall, thus opening a vector to deliver malware.

"The corporate firewall doesn't provide any security," Thompson said.

Facebook representatives couldn't be bothered for comment.

SOURCE: PC World

See also:



Copyright © Jewish Internet Defense Force
All Rights Reserved

LEGAL:
The views expressed on this website do not necessarily reflect the views of the JIDF. The content is not intended to malign any religion, ethnic group, club, organization, company or individual. This site's intention is to do no harm, to not injure others, defame, or libel. All data and information provided on this site is for informational, educational, and/or entertainment purposes only. The Jewish Internet Defense Force (JIDF) makes no representations as to accuracy, currentness, correctness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use, or access to this site. We are not responsible for translation or interpretation of content. We are not responsible for defamatory statements bound to government, religious or other laws from the reader’s country of origin. All information is provided on an as-is basis with no warranties, and confers no rights. We are not responsible for the actions, content, accuracy, opinions expressed, privacy policies, products or services or for any damages or losses, directly or indirectly, caused or alleged to have been caused as a result of your use or reliance on such information on the Jewish Internet Defense Force site. This site includes links to other sites and blogs operated by third parties. These links are provided as a convenience to you and as an additional avenue of access to the information contained therein. We have not reviewed all of the information on other sites and are not responsible for the content of any other sites or any products or services that may be offered through other sites. The inclusion of these links in no way indicates their endorsement, support or approval of the contents of this site or the policies or positions of the JIDF. We have the right to edit, remove or deny access to content that is determined to be, in our sole discretion, unacceptable. These Terms and Conditions of Use apply to you when you view, access or otherwise use this blog and the Website. The JIDF is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
Related Posts with Thumbnails