Trojans on Facebook

http://thompson.blog.avg.com/2009/1...ons-reach-out-to-exploit-sites-in-russia.html

 

Wow, I am surprised. Facebook is vulnerable.

 

That's interesting, but not a surprise.
Validation for my lack of trust in social network type sites?

 

Probably better odds of not encountering something on Facebook than on the world wide web! From earlier this summer:

55,000 Web sites hacked
http://blogs.zdnet.com/security/?p=4091

According to this blog about the Facebook trojan, the application had an i-frame embedded in the code which redirected the user to a Russian Web site whereupon a rogue security application exploit was set in motion.

In his blog, Thompson writes,

This implies some type of code injection exploit, such as SQL in web pages. But in another article, Thompson is quoted:

Hacked Facebook apps
http://www.infoworld.com/d/security...ivirus-software-297?source=rss_infoworld_news

You may remember that the Gumblar PDF exploits also gained access to thousands of web sites by compromised FTP passwords, whereupon the malicious code was embedded in the pages.

Thompson doesn't detail exactly how the Facebook exploit is triggered. Is it a social engineering ploy? Or remote code execution? One of his screenshots shows the download of Antivirus Pro 2010 in progress but he also states:

Another article has this to say:

Hacked Facebook Apps Lead to Fake Antivirus Software
http://www.pcworld.com/businesscent...ook_apps_lead_to_fake_antivirus_software.html

What software? An old IE exploit? PDF?

Not surprising, since no real helpful information is given, no preventative measures are discussed. Also not surprising, these other articles link back to the AVG blog, which ends with

All of this is not to downplay the significance of this exploit, but whether Facebook or a Google poisoned link which redirects to a malicious site, preventative measures which inform about the social engineering tricks, and proper security against remote code execution attacks apply in all cases.

Same old stuff.

-rich