It's not just phishing scams that Facebook users have to worry about right now.
According to Roger Thompson, the Chief Research Officer with security vendor AVG, hacked Facebook applications are increasingly reaching out to exploit sites based in Russia. As Thompson says, this is different to the normal run of things, whereby people innocently link to hacked pages on social networking sites. "These seem to be actual Facebook applications that have been hacked," Thompson points out, adding that the application developers are "innocent victims too".
AVG researchers first spotted the trend in a fire-fighter simulation game, which they assumed was a developer hack, pointing to a Russian site where a scareware scam was being peddled. But when they looked closer, they discovered an injected iframe in the source code for the web pages, and it was this that did the damage.
What is not obvious at the moment is just where the holes are in the infected Facebook apps which are letting the bad guys inject their code, but Thompson is as sure as he can be that the app developers are just as much victims as anyone else in these matters. So far AVG has uncovered at least 8 Facebook apps which have been compromised, and the full details can be found here along with screenshots of one exploited app and the exploit sites it reaches out to.
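An app developer can check their own served pages for the kind of injected iframe described above. The following is an added example, not code from AVG or from the original article: it flags iframes whose source host is not on an allowlist and marks those sized or styled to be invisible. The allowlist, hostnames and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this app legitimately frames (placeholder names).
ALLOWED_HOSTS = frozenset({"apps.example.com", "cdn.example.com"})


class IframeAuditor(HTMLParser):
    """Records every iframe whose source host is not allowlisted."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative (same-origin) or explicitly allowed
        style = a.get("style", "").replace(" ", "").lower()
        # Injected frames are often sized or styled so the user never sees them.
        hidden = (a.get("width", "").strip() in ("0", "1")
                  or a.get("height", "").strip() in ("0", "1")
                  or "display:none" in style
                  or "visibility:hidden" in style)
        self.findings.append({"line": self.getpos()[0], "host": host,
                              "src": src, "hidden": hidden})


def audit_iframes(html, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of findings for iframes pointing at unexpected hosts."""
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one legitimate frame, one relative frame,
# one hidden off-site frame and one visible off-site frame.
SAMPLE_PAGE = """<html><body>
<div id="game"><iframe src="https://apps.example.com/canvas" width="760" height="600"></iframe></div>
<iframe src="/local/help.html"></iframe>
<IFRAME SRC="http://exploit-host.invalid/in.php" width="1" height="1" style="visibility: hidden"></IFRAME>
<iframe src="//ads.unlisted.invalid/banner" width="300" height="250"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_iframes(SAMPLE_PAGE):
        print(f)
```

Running the check against what the server actually returns, rather than against the source repository, is what catches markup added after deployment.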
Maybe it is time to rethink the way that Facebook approaches app development and reconsider adopting the Apple approach to app security?