Filed under: Security, Social Software, web 2.0
Bad guys now launching attacks through hacked Facebook apps
Now, AVG's security researchers have discovered a new threat on Facebook. For the first time, they've found hacked Facebook apps. According to AVG, the apps are being used to launch drive-by attacks which target vulnerabilities in Adobe Reader and Adobe Flash. AVG reports finding seven hacked apps, but they admit there could well be more.
First things first: if you're not running up to date versions of either of those, download them right now. Here's the link to Flash and here's one for Reader. Using anything but the most current version could leave you open to attack.
The attack works like this. Visit the Facebook page for any of the hacked apps and click to install. Instead of the normal process, the page will try to push a poisoned PDF document to your machine. Once open, the infected PDF infects your system with a bogus antivirus application - which are often notoriously difficult to remove.
I've mentioned fake antivirus programs like these before on Download Squad. If you've been infected, you can try the tools listed on this post to clean up your system.
To keep from getting infected in the first place, make sure you:
- have a good antivirus program installed and that it is fully updated
- update browser plugins like Java, Flash, and Adobe Reader as soon as you are prompted to do so
- install any critical Windows updates that are available
- check comments on new apps before you install - others may have already been infected and left a post on the wall!
digg_url = 'http://www.downloadsquad.com/2009/11/25/the-atari-classics-are-back-and-free-to-play-asteroids-lunar-l/';
Believe it or not, Atari have just released a bunch of old games on their own website. These aren't clones, these aren't even 'loving interpretations' -- these are the real thing, remade by Atari themselves. This comes as part of a re-launch for the Atari website which includes an online store.
I warn you, if you read on, this might turn into more than just a mere ten-minute time-waster.
...
Reader Comments (Page 1 of 1)
r3loaded said 12:36PM on 10-19-2009
Can't Facebook crack down on this? I thought they controlled the apps environment - they should be easily able to revoke the developer key for any compromised apps.
Reply
Todd said 12:58PM on 10-19-2009
Because just like the "mothership" ( Microsoft ) Facebook has nothing but contempt and disdain for their users.
P.S. Microsoft invested $100,000.00 in Facebook a while back
Beth Jones said 11:22AM on 10-21-2009
There's a trust factor on Facebook, and many other social media sites. People feel that their little corner of the world is safe. They feel like these games and apps shouldn't be compromised because "Why? What value is in hacking Aquariumlife?" Kids using Facebook certainly don't think about security threats. They are simply looking for something to do.
This is exactly WHY these attacks are so successful right now, just as the first email worms were 10+ years ago. Cyber-criminals know how to exploit this trust to infect more people. In time, the trust will erode to a healthy skepticism, just as it has for email and web browsing.
Feel free to check out http://www.sophos.com/security/topic/facebook.html and http://www.sophos.com/security/best-practice/facebook.html to see how to lock down your Facebook access. In addition, the same best practices such as having up-to-date security software, applying OS patches, whether Mac or Windows, changing your passwords frequently (and not using the same one for everything) and simply being vigilant can go a long way.
Beth Jones,SophosLabs
Reply