Bad guys now launching attacks through hacked Facebook apps
Now, AVG's security researchers have discovered a new threat on Facebook. For the first time, they've found hacked Facebook apps. According to AVG, the apps are being used to launch drive-by attacks which target vulnerabilities in Adobe Reader and Adobe Flash. AVG reports finding seven hacked apps, but they admit there could well be more.
First things first: if you're not running up to date versions of either of those, download them right now. Here's the link to Flash and here's one for Reader. Using anything but the most current version could leave you open to attack.
The attack works like this. Visit the Facebook page for any of the hacked apps and click to install. Instead of the normal process, the page will try to push a poisoned PDF document to your machine. Once open, the infected PDF infects your system with a bogus antivirus application - which are often notoriously difficult to remove.
I've mentioned fake antivirus programs like these before on Download Squad. If you've been infected, you can try the tools listed on this post to clean up your system.
To keep from getting infected in the first place, make sure you:
- have a good antivirus program installed and that it is fully updated
- update browser plugins like Java, Flash, and Adobe Reader as soon as you are prompted to do so
- install any critical Windows updates that are available
- check comments on new apps before you install - others may have already been infected and left a post on the wall!