Asavin Wattanajantra's Blog

Beware of hacked Facebook applications

By Asavin Wattanajantra in Editorial

Posted in antivirus, AVG, applications, Facebook on October 15, 2009 at 2:20 pm


Being the Facebook junkie that I am, I’ve been playing a lot of the applications as I am generally quite a sad person. However, there was a bit of security news today that perhaps should convince me that I need to be a little bit more careful.

Roger Thompson, chief research officer for security firm AVG, writes in a blog post about an attack which looks more serious than the usual way that social networks can sometimes link to hacked sites.

He says that actual Facebook applications are being hacked - not by the developers of the apps, but by bad guys looking to piggyback on their popularity.

He used the example of an app called CityFireDepartment, an online game where a player is supposed to play the role of a fireman.

Once the app has been added, instead of playing the game the victim is presented with a fake Adobe licence agreement, followed by spyware being downloaded onto the computer if it is unpatched.

At first Thompson and his team believed it was a deliberate hack by the developers, but it was actually caused by an outsider who has inserted an iframe into the source code.

The line of malicious code changes once a day and calls a different exploit site each time.

He said: “Initially, we thought that the applications were deliberately acting as lures, but it now seems to us that they are victims themselves.

“The difficult part for them will be to find and plug the hole that the data snatchers are using to hack the applications.”

He names the other Facebook apps affected as MyGirlySpace, Ferrarifone, Mashpro, Mynameis, Pass-it-on, Filinthe and Aquariumlife.
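
Because the injected line changes once a day and points at a different exploit site, matching a known-bad URL goes stale within a day. The following is an added example (not from the original post or from AVG): an allowlist audit of an application's served HTML that flags any iframe framing a host the owner did not approve. The host names and the two sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the application owner expects to frame (constructed, hypothetical values).
ALLOWED_FRAME_HOSTS = {"apps.example.com", "cdn.example.com"}

class IframeAuditor(HTMLParser):
    """Collects every iframe whose src host is not on the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {k: (v or "") for k, v in attrs}
        src = attr.get("src", "").strip()
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host and stay on the app's own origin.
        if host and host not in self.allowed_hosts:
            self.findings.append((self.getpos()[0], host, is_hidden(attr)))

def is_hidden(attr):
    """True when the frame is sized or styled so the user never sees it."""
    style = attr.get("style", "").replace(" ", "").lower()
    tiny = attr.get("width") in {"0", "1"} or attr.get("height") in {"0", "1"}
    return tiny or "display:none" in style or "visibility:hidden" in style

def audit(html, allowed_hosts=ALLOWED_FRAME_HOSTS):
    """Return (line, host, hidden) for each iframe outside the allowlist."""
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: the same page on two days, with the injected host rotated.
PAGE_DAY_1 = """<html><body>
<iframe src="https://apps.example.com/game"></iframe>
<iframe src="http://day1.injected.invalid/x" width="1" height="1"></iframe>
</body></html>"""
PAGE_DAY_2 = PAGE_DAY_1.replace("day1.injected.invalid", "day2.injected.invalid")

if __name__ == "__main__":
    for name, page in (("day 1", PAGE_DAY_1), ("day 2", PAGE_DAY_2)):
        print(name, audit(page))
```

The audit flags the injected frame on both days without knowing either exploit host in advance, which a blocklist of yesterday's URL would not do.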
