Trojans On Facebook

[Peaches]

17 October 2009, 15:51

Trojans on Facebook

Facebook Apps like these are increasingly popular. In his blog Roger Thompson of anti-virus vendor AVG warns of Facebook applications that specifically target a security hole in Adobe Reader to install scareware on users' systems. It seems that the application providers themselves have become the victims of attacks.

Attackers have apparently embedded iframes that retrieve malicious code from various servers, into the web pages of the Facebook applications. Systems which are running an old version of Adobe Reader are subsequently infected with a bogus security program. The program promptly issues a warning about a fictitious security problem, advising the user to buy the full program in order to remove the non-existent threat. This trick is explained in detail in the The H Security article Thieves and charlatans - Rogue antivirus products.

How the web pages were infected remains unclear. According to Thompson, the affected Facebook apps are:

• City Fire Department
• MyGirlySpace
• Ferrarifone
• Mashpro
• Mynameis
• Pass-it-on
• Fillinthe
• Aquariumlife

However, the increasingly popular apps in social networks also carry other risks. To obtain an answer to important questions, such as "Which Simpson character are you?", they request access to a user's account. If a user consents, the apps have access to all of the user's resources, including far more than just their names, email addresses and so on. As there is no way of restricting access rights in Facebook and other social networks, applications can also send messages on a user's behalf. Or they can steal the private data of a user's "friends", information originally disclosed because of the atmosphere of trust that social networks foster. There tends to be no time limit on the apps, and every game or quiz that has been entered on the list of accepted applications remains there until users themselves remove it.

Heise security for more details - http://www.h-online....ook-832177.html