 |  |  |  |  |  |  |  |
Warning: Trojans Hiding In Facebook Apps
It's not just phishing scams that Facebook users have to worry about right now,
According to Roger Thompson, the Chief Research Officer with security vendor AVG, hacked Facebook applications are increasingly reaching out to exploit sites based in Russia. As Thompson says, this is different to the normal run of things whereby people are linking to hacked pages innocently enough on social networking sites. "These seem to be actual Facebook applications that have been hacked" Thompson points out, adding that the application developers are "innocent victims too".
AVG researchers first spotted the trend when a fire-fighter simulation game which it assumed was a developer hack, pointing to a Russian site where a scareware scam was being peddled. But when they looked closer, they discovered in the source code for the web pages an injected iframe that did the damage.
What is not obvious at the moment is just where the holes are in the infected Facebook apps which are letting the bad guys inject their code, but Thompson is as sure as he can be that the app developers are just as much victims as anyone else in these matters. So far AVG has uncovered at least 8 Facebook apps which have been compromised, and the full details can be found here along with screenshots of one exploited app and the exploit sites it reaches out to.
Maybe it is time to rethink the way that Facebook approaches app development and reconsider adopting the Apple approach to app security?
According to Roger Thompson, the Chief Research Officer with security vendor AVG, hacked Facebook applications are increasingly reaching out to exploit sites based in Russia. As Thompson says, this is different to the normal run of things whereby people are linking to hacked pages innocently enough on social networking sites. "These seem to be actual Facebook applications that have been hacked" Thompson points out, adding that the application developers are "innocent victims too".
AVG researchers first spotted the trend when a fire-fighter simulation game which it assumed was a developer hack, pointing to a Russian site where a scareware scam was being peddled. But when they looked closer, they discovered in the source code for the web pages an injected iframe that did the damage.
What is not obvious at the moment is just where the holes are in the infected Facebook apps which are letting the bad guys inject their code, but Thompson is as sure as he can be that the app developers are just as much victims as anyone else in these matters. So far AVG has uncovered at least 8 Facebook apps which have been compromised, and the full details can be found here along with screenshots of one exploited app and the exploit sites it reaches out to.
Maybe it is time to rethink the way that Facebook approaches app development and reconsider adopting the Apple approach to app security?
0
•
•
•
•
Facebook apps already have a bad reputation. If word gets out about lurking viruses, good luck on getting new users to install your app.
0
•
•
•
•
how to avoid this deadly virus called troja, can you recommed any antiware to tackle this. For user of facebook and e-mail users.
thanks, liftedlink.
thanks, liftedlink.
Similar Threads
- Using WildFire To upstart your business Facebook presence (Growing an Online Community)
- Wanted: PHP Programmer with experience developing Facebook apps (Web Development Job Offers)
- News Story: Linux legend DVD Jon brings music sharing software to Facebook (Network Security)
- Facebook game application cheapest Ads space for sales (Ad Space for Sale)
- New Appl for Windows Mobile 6 Phones (VB.NET)
- Linker problems (C++)
- Which programming language used in this website ??? (PHP)
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
age amd antivirus api apple apps avatar bluegene botnet browser business chips crime cybercrime daniweb data database development dos economy email encryption energy enterprise exploit facebook firefox fraud google government hack hacker hacking hardware ibm ibm.news intelibm internet iphone itunes kaspersky linkedin linux malware mcafee mckinnon medicine memory microsoft mobile myspace nasa networking news obama openoffice opensource password patch pc phishing privacy ps3 recession redhat report research russia scam search security socialmedia socialnetwork socialnetworking software spam spyware sun supercomputer supercomputing survey technology trends trojan twitter ubuntu uk usb virus vista vulnerability warning web webmail windows windows7 working worm x86 xp
