Facebook Drive-By Malware

Trend Micro reports that it has detected a drive-by download attack on Facebook that uses malicious advertisements to silently infect visitors with malware related to Java and ActiveX exploits dating from 2006 to 2010.  The user is led from a Facebook page to a couple of ad sites, and finally to a page that hosts the exploits.  The ad providers were found to be affiliated with a Facebook application that is ad-supported.

“Malvertising” attacks are generally the result of poor background screening practices by ad networks or sales teams.  Attackers impersonate legitimate advertisers to get their ads approved and then swap them with ads that contain malicious code.  Big ad networks and popular mainstream websites including Facebook have hosted these attacks over the years.  Drive-by download exploits attacking popular browsers or plug-ins are very dangerous since they don’t require any user interaction and take place silently.

Unfortunately, Facebook’s platform is designed to allow thousands of third-party app developers to work with any advertisers they choose.  There’s not much Facebook can do about policing the problem, so users must protect themselves.

Keep your anti-virus on and updated, use virtual machines and sandboxes when surfing, and be selective in what you click on.  Use web-content filters such as Websense, Blue Coat, or the K9 product (free for home use) to block access to known malicious sites.
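
The redirect chain described above (Facebook page, then ad sites, then a page hosting Java exploits) can also be hunted for in web proxy logs. The following is an added example, not code from Trend Micro's report or from this post; the log format, the `.example` hosts, and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample proxy log (time, client, URL, Referer, Content-Type); .example hosts are placeholders.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 http://apps.facebook.com/somegame/ - text/html
10:00:02 10.0.0.5 http://ads.adnet-one.example/serve?id=7 http://apps.facebook.com/somegame/ text/html
10:00:03 10.0.0.5 http://track.adnet-two.example/r http://ads.adnet-one.example/serve?id=7 text/html
10:00:04 10.0.0.5 http://landing.example/index.php http://track.adnet-two.example/r text/html
10:00:05 10.0.0.5 http://landing.example/a.jar http://landing.example/index.php application/java-archive
10:00:10 10.0.0.8 http://cdn.photos.example/p.jpg http://www.facebook.com/home.php image/jpeg
10:00:11 10.0.0.9 http://intranet.example/tool.jar http://intranet.example/ application/java-archive
"""

JAVA_TYPES = {"application/java-archive", "application/x-java-applet", "application/java-vm"}

def host(url):
    return (urlparse(url).hostname or "").lower()

def is_facebook(h):
    return h == "facebook.com" or h.endswith(".facebook.com")

def find_chains(log_text, max_hops=10):
    """Return (client, [hosts]) for Java downloads whose Referer chain starts at Facebook."""
    referer_of = {}   # (client, url) -> Referer recorded for that request
    java_hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, client, url, referer, ctype = parts
        referer_of[(client, url)] = referer
        if ctype.lower() in JAVA_TYPES:
            java_hits.append((client, url))
    alerts = []
    for client, url in java_hits:
        chain, seen, cur = [], set(), url
        while cur and cur != "-" and cur not in seen and len(seen) < max_hops:
            seen.add(cur)
            if not chain or chain[0] != host(cur):
                chain.insert(0, host(cur))  # walk backwards, collapsing same-host hops
            cur = referer_of.get((client, cur))
        # Flag only chains that begin on Facebook and cross at least one intermediary host.
        if len(chain) >= 3 and is_facebook(chain[0]):
            alerts.append((client, chain))
    return alerts

if __name__ == "__main__":
    for client, chain in find_chains(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

Referer headers can be stripped or absent, so a check like this supplements content filtering rather than replacing it.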