Inspiration & Genius – One and the Same

Hacked Facebook applications reach out to exploit sites in Russia

Written by Steve Shead on October 15, 2009 Leave a Comment

From: AVG Blogs | Roger Thompson

Hi folks,

All the social networking sites have issues with calling out to exploit pages. Usually what happens is that someone’s website gets hacked, and because they link to it from their MySpace or Facebook page, their contacts and friends sometimes get drawn to the attack sites. This is quite common, and we’ll write about it soon, but today’s story is a little different, in that these seem to be actual Facebook applications that have been hacked. (Please note that the application developer(s) are innocent victims too, and did not intend for their games to be hacked.)

The first one we noticed was CityFireDepartment, which seems to be a sort of online game that allows a player to become a fireman. (Please DO NOT GO to this application until it is cleaned up).

This is how it’s supposed to look… (Click image to enlarge)

facebook1

But what you see instead is something like this (especially if you are not patched)…

facebook2

If you’re not patched, the next thing you see is this… (note the “Your computer is infected” warning in the bottom right corner of the screen):

facebook3

Followed by…

facebook4

And if you have a nifty change notification tool, like WRremote, you’ll see that you are already nailed, with sys files already having been installed.

At first, we thought this was a deliberate hack attempt by the developers, but when we looked at the source code for the web pages, we found this iframe injected into the source…

facebook5

Interestingly, this line changes at least once a day, and calls to a different exploit site, so the bad guys are still exploiting the hole, whatever it is. And also interestingly, some of their users are also telling them they have a problem. Here are some of the comments…

facebook6

Initially, we thought that the applications were deliberately acting as lures, but it now seems to us that they are victims themselves. The difficult part for them will be to find and plug the hole that the data snatchers are using to hack the applications.

The other applications where we have detected the hack include (we don’t include direct links to them in order to save you):

  • MyGirlySpace
  • Ferrarifone
  • Mashpro
  • Mynameis
  • Pass-it-on
  • Fillinthe
  • Aquariumlife

There could easily be lots more, but that’s what we’ve noticed with this particular hack.

It’s a tricky world out there folks, keep safe.

Posted in Tech | Tagged , , , , , , , , ,

Leave a Reply

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»

Genesis Framework

Genesis Framework for WordPress

Studiopress Themes

Scribble Theme - A Beautiful Frame For Your WordPress Website

Advertisements