
When Facebook Apps Attack!

Facebook, and other popular social networking services like Twitter and MySpace, are the new frontier when it comes to attack surfaces for the bad guys. They are the target of attack because, like Internet Explorer and like Microsoft Windows before it, that’s where the users are. All of these services have been struck by cross-site scripting attacks, malicious add-on applications, password attacks, and everything else in the Web 2.0 tool box.

There is absolutely nothing new in the way these attacks are delivered or the form they take. They mostly play on the typical curiosity that an end user has for the shiny link, app, or video that is presented to them. But that old adage – don’t click on it unless you know what it is – still applies in the vast majority of these social networking attacks.

Facebook has seen several new rounds of malicious application attacks in the last week or so, including yet another tour of the Koobface worm. This particular piece of malware appears as a note from a friend on Facebook with some call to action to see a humorous, or potentially embarrassing, video. The actual payload passes itself off as an update to Flash or some other media viewer. Once installed, the trojan steals cookies for various sites, including Facebook, which lets it log in and interact with Facebook through its API on your behalf. This is how it can then propagate further.

Think “Do I really need to add another smiling puppy to my Facebook page?” the next time that application request comes in. And, no, you probably weren’t caught on video doing something dumb.
