Hacked Facebook applications reach out to exploit sites in Russia

http://www.daniweb.com/news/story231627.html#

http://thompson.blog.avg.com/2009/10/hacked-facebook-applications-reach-out-to-exploit-sites-in-russia.html

Hi folks,

All the social networking sites have issues with calling out to exploit pages. Usually what happens is that someone’s website gets hacked, and because they link to it from their MySpace or Facebook page, their contacts and friends sometimes get drawn to the attack sites. This is quite common, and we’ll write about it soon, but today’s story is a little different, in that these seem to be actual Facebook applications that have been hacked. (Please note that the application developer(s) are innocent victims too, and did not intend for their games to be hacked.)

The first one we noticed was CityFireDepartment, which seems to be a sort of online game that allows a player to become a fireman. (Please DO NOT GO to this application until it is cleaned up).

This is how it’s supposed to look… (Click image to enlarge)

Hacked Facebook applications reach out to exploit sites in Russia - I

But what you see instead is something like this (especially if you are not patched)…

Hacked Facebook applications reach out to exploit sites in Russia - II

If you’re not patched, the next thing you see is this… (note the “Your computer is infected” warning in the bottom right corner of the screen):

Hacked Facebook applications reach out to exploit sites in Russia - III

Followed by…

Hacked Facebook applications reach out to exploit sites in Russia - IV

And if you have a nifty change notification tool, like WRremote, you’ll see that you are already nailed, with sys files already having been installed.

At first, we thought this was a deliberate hack attempt by the developers, but when we looked at the source code for the web pages, we found this iframe injected into the source…

Hacked Facebook applications reach out to exploit sites in Russia - V

Interestingly, this line changes at least once a day, and calls to a different exploit site, so the Bad Guys are still exploiting the hole, whatever it is. And also interestingly, some of their users are also telling them they have a problem. Here are some of the comments…

Hacked Facebook applications reach out to exploit sites in Russia - VI

Initially, we thought that the applications were deliberately acting as lures, but it now seems to us that they are victims themselves. The difficult part for them will be to find and plug the hole that the DataSnatchers are using to hack the applications.

The other applications where we have detected the hack include (we don’t include direct links to them in order to save you):

  • MyGirlySpace

  • Ferrarifone

  • Mashpro

  • Mynameis

  • Pass-it-on

  • Fillinthe

  • Aquariumlife

There could easily be lots more, but that’s what we’ve noticed with this particular hack.

It’s a tricky world out there folks, keep safe.

Advertisements
This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s