In association with heise online

17 October 2009, 14:51

Trojans on Facebook


[Image: Facebook apps like these are increasingly popular.]
In his blog Roger Thompson of anti-virus vendor AVG warns of Facebook applications that specifically target a security hole in Adobe Reader to install scareware on users' systems. It seems that the application providers themselves have become the victims of attacks.

Attackers have apparently embedded iframes that retrieve malicious code from various servers into the web pages of the Facebook applications. Systems running an old version of Adobe Reader are subsequently infected with a bogus security program. The program promptly issues a warning about a fictitious security problem, advising the user to buy the full program in order to remove the non-existent threat. This trick is explained in detail in The H Security article Thieves and charlatans - Rogue antivirus products.
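The infection vector described here is an injected iframe on the app's own pages, pointing at a server the app operator does not control. One practical check for an operator is to scan their served HTML for iframes that load from an unexpected host or are deliberately made invisible (zero-size or hidden via CSS), which is how injected frames are typically disguised. The scanner below is an added example written for this article, not code from The H, AVG or Roger Thompson; the hostnames in the sample page are constructed, and the "own hosts" allow-list is an assumption about how an operator would declare their legitimate frame sources.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate iframe, one relative-URL iframe,
# and two frames of the kind an injection would leave behind.
SAMPLE_HTML = """
<html><body>
<h1>City quiz</h1>
<iframe src="https://apps.example-app.test/game.html" width="600" height="400"></iframe>
<iframe src="http://badhost.invalid/load.php" width="0" height="0" style="display:none"></iframe>
<iframe src="http://203.0.113.7/x.html" width="1" height="1"></iframe>
<iframe src="/local/help.html" width="300"></iframe>
</body></html>
"""


def _is_tiny(value):
    """True for a width/height attribute of 0 or 1 pixels ('0', '1', '1px')."""
    if value is None:
        return False
    try:
        return int(str(value).strip().lower().rstrip("px")) <= 1
    except ValueError:  # e.g. '100%' or 'auto'
        return False


class IframeScanner(HTMLParser):
    """Collects iframes that load from a foreign host or are visually hidden."""

    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}  # assumed allow-list
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)  # html.parser lower-cases attribute names for us
        src = a.get("src") or ""
        reasons = []

        # Relative URLs have no host and stay on the operator's own origin.
        host = (urlparse(src).hostname or "").lower()
        if host and host not in self.own_hosts:
            reasons.append("external-host")

        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")

        if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
            reasons.append("tiny")

        if reasons:
            self.findings.append((src, reasons))


def scan_html(html, own_hosts):
    """Return [(src, reasons), ...] for every suspicious iframe in html."""
    parser = IframeScanner(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


def scan_sample():
    """Run the scanner over the constructed sample page."""
    return scan_html(SAMPLE_HTML, ["apps.example-app.test"])


if __name__ == "__main__":
    for src, reasons in scan_sample():
        print(f"suspicious iframe: {src}  ({', '.join(reasons)})")
```

Run against a page fetched from your own app server (not the browser-rendered view, which may already have executed injected script), any hit with "external-host" plus "hidden" or "tiny" is worth a manual look; a legitimate embed is rarely both off-site and invisible.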

How the web pages were infected remains unclear. According to Thompson, the affected Facebook apps are:

  • City Fire Department
  • MyGirlySpace
  • Ferrarifone
  • Mashpro
  • Mynameis
  • Pass-it-on
  • Fillinthe
  • Aquariumlife

However, the increasingly popular apps in social networks also carry other risks. To obtain an answer to important questions, such as "Which Simpson character are you?", they request access to a user's account. If a user consents, the apps have access to all of the user's resources, including far more than just their names, email addresses and so on. As there is no way of restricting access rights in Facebook and other social networks, applications can also send messages on a user's behalf. Or they can steal the private data of a user's "friends", information originally disclosed because of the atmosphere of trust that social networks foster. There tends to be no time limit on the apps, and every game or quiz that has been entered on the list of accepted applications remains there until users themselves remove it.

Since applications run on an external server, usually located abroad, and talk to Twitter or Facebook directly rather than through the user's own session, the user has no way of controlling what exactly is retrieved. The terms of use offer virtually, or in some cases literally, no protection against abuse. This problem is illustrated rather impressively by the Facebook quiz What Do Quizzes Really Know About You?. This might be a good time to go over your Facebook settings for applications.

