Trojans on Facebook

Discussion in 'malware problems & news' started by Pinga, Oct 16, 2009.

Thread Status:
Not open for further replies.
  1. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Wow, I am surprised. Facebook is vulnerable. :D
     
  3. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    That's interesting, but not a surprise.
    Validation for my lack of trust in social network type sites?
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Probably better odds of not encountering something on Facebook than on the world wide web! From earlier this summer:

    55,000 Web sites hacked
    http://blogs.zdnet.com/security/?p=4091
    According to this blog about the Facebook trojan, the application had an i-frame embedded in the code which redirected the user to a Russian Web site whereupon a rogue security application exploit was set in motion.

    In his blog, Thompson writes,

    This implies some type of code injection exploit, such as SQL in web pages. But in another article, Thompson is quoted:

    Hacked Facebook apps
    http://www.infoworld.com/d/security...ivirus-software-297?source=rss_infoworld_news
    You may remember that the Gumblar PDF exploits also gained access to thousands of web sites by compromised FTP passwords, whereupon the malicious code was embedded in the pages.

    Thompson doesn't detail exactly how the Facebook exploit is triggered. Is it a social engineering ploy? Or remote code execution? One of his screenshots shows the download of Antivirus Pro 2010 in progress but he also states:

    Another article has this to say:

    Hacked Facebook Apps Lead to Fake Antivirus Software
    http://www.pcworld.com/businesscent...ook_apps_lead_to_fake_antivirus_software.html
    What software? An old IE exploit? PDF?

    Not surprising, since no real helpful information is given, no preventative measures are discussed. Also not surprising, these other articles link back to the AVG blog, which ends with

    All of this is not to downplay the significance of this exploit, but whether Facebook or a Google poisoned link which redirects to a malicious site, preventative measures which inform about the social engineering tricks, and proper security against remote code execution attacks apply in all cases.

    Same old stuff.

    -rich
     
Loading...
Thread Status:
Not open for further replies.