Facebook Malvertisement Leads to Exploits
There are already many known ways by which cybercriminals target Facebook users. In the infographic we recently released, “The Geography of Social Media Threats,” we illustrated the different social networking features cybercriminals abused and the threats that these usually lead to.
In the course of conducting research, we found one specific attack that targeted Facebook users through a different route—malvertisements.
We encountered an infection chain wherein the user is led from a page within Facebook to a couple of ad sites and then, finally, to a page that hosts exploits. When we traced the connection between the ad sites and Facebook, we found that the ad providers were affiliated with a certain Facebook application. We checked the application and found that it is indeed ad-supported. Based on this finding, we were able to come up with the likely infection chain:

Upon accessing the application, the malvertisement gets loaded, triggering a series of redirections. The redirections finally lead to a malicious site, which then loads several exploits, particularly those related to Java and ActiveX.
The exploits were loaded to download more malicious files, although we were unable to trace these because the URLs they accessed were already inaccessible. Nonetheless, Trend Micro already provides protection for this kind of threat, not only by blocking access to malicious URLs but also by protecting against the execution of the said exploits.
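As an added example (not part of the original post), the following Python code shows how a defender could reconstruct this kind of chain from web proxy logs by following Referer headers backwards from a Java or ActiveX (CAB) download. The log records, host names, content-type list and hop threshold are all constructed assumptions.

```python
from urllib.parse import urlparse

# Assumption: exploit delivery is recognised by Java/CAB content types.
RISKY_TYPES = {"application/java-archive", "application/x-java-applet",
               "application/vnd.ms-cab-compressed"}

# Constructed proxy records: (time, url, referer, content_type). Hosts are made up.
SAMPLE_LOG = [
    ("10:00:01", "http://apps.facebook.com/sample-app/", "", "text/html"),
    ("10:00:02", "http://ads.adnet-one.example/show?id=1", "http://apps.facebook.com/sample-app/", "text/html"),
    ("10:00:02", "http://cdn.adnet-two.example/r?x=9", "http://ads.adnet-one.example/show?id=1", "text/html"),
    ("10:00:03", "http://landing.bad.example/index.html", "http://cdn.adnet-two.example/r?x=9", "text/html"),
    ("10:00:04", "http://landing.bad.example/a.jar", "http://landing.bad.example/index.html", "application/java-archive"),
    ("10:00:09", "http://news.example/story", "", "text/html"),
    ("10:00:10", "http://news.example/app.jar", "http://news.example/story", "application/java-archive"),
]

def host(url):
    return (urlparse(url).hostname or "").lower()

def chain_to(url, referer_of):
    """Follow Referer links backwards from url; return URLs oldest first."""
    chain, seen = [], set()
    while url and url not in seen:  # 'seen' stops Referer loops
        seen.add(url)
        chain.append(url)
        url = referer_of.get(url, "")
    return chain[::-1]

def suspicious_chains(log, origin_suffix="facebook.com", min_hops=2):
    """Host chains that start at the origin site, cross hosts, and end in a risky download."""
    referer_of = {url: ref for _, url, ref, _ in log}
    findings = []
    for _, url, _, ctype in log:
        if ctype not in RISKY_TYPES:
            continue
        hosts = []
        for u in chain_to(url, referer_of):
            h = host(u)
            if not hosts or hosts[-1] != h:  # collapse same-host steps
                hosts.append(h)
        origin = hosts[0]
        at_origin = origin == origin_suffix or origin.endswith("." + origin_suffix)
        if at_origin and len(hosts) - 1 >= min_hops:
            findings.append(hosts)
    return findings

if __name__ == "__main__":
    print(suspicious_chains(SAMPLE_LOG))
```

The first-party Java download from the constructed news site is not flagged, because its chain neither starts at the social network nor crosses intermediate ad hosts.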
Malvertisements are considered grave threats, especially since much like website compromises, attacks related to these usually involve trusted sites that users already typically visit without risk of system infection. In 2009, visitors of the NYTimes were exposed to threats when malvertisements were found on its pages, leading users to FAKEAV variants. Earlier this year, Trend Micro researchers also found malicious ads being displayed in a Web-based email service, directing users to URLs serving PDF exploits.
For this particular incident, users are advised to be careful when it comes to installing Facebook applications and, more importantly, to utilize a security product with a strong Web reputation technology that can help distinguish bad links from good ones within a social networking environment.
Post from: TrendLabs | Malware Blog – by Trend Micro