|
Drive-by download attack on Facebook detected A drive-by download attack has been detected on facebook. These malicious programs use malicious advertisements, known as “Malvertising” for infecting users with malwares. Malvertising attacks are resulted by lax background screening practices, which function on behalf of ad sale teams or advertising networks. These attackers act as a legitimate advertiser, so that there ads get approval easily, and later on input malicious codes into their ads to corrupt facebook. The facebook security researches reportedabout this attack in an interview. They said, “We encountered an infection chain, wherein the user is led from a page within Facebook to a couple of ad sites, and then finally to a page that hosts exploits. We traced the connection between the ad sites and Facebook, and found that the ad providers were affiliated with a certain Facebook application. We checked on the said app, and found that it is indeed, ad-supported.” A lot of websites and ad-networks have been the prey for this malware advertising attacks over years. Even facebook was earlier attacked by similar attackers. However, these malwares were not as dangerous as malvertisements. Malvertisements does not require any human interaction and hence, can infect facebook easily. Due to the wide accessibility of facebook, it is being used by thousands of third party app developers, who work with various ad companies to promote their business. This process gives an open invitation to malvertisements. As facebook cannot help much to resolve this issue; hence, the responsibility shifts to the facebook users. Facebook users should regularly update their software to prevent any malware attacks. If they forget to do so or are unable to understand the functions, they should disable all the plugins in their facebook, because, plugins are the biggest gateway for these malvertisements. Therefore, facebook users are recommended to update their security softwares and all web accessed softwares regularly. One Response to Drive-by download attack on Facebook detected Leave a Reply |
|
Thanks a bunch for trying to describe the terminlogy for the noobs!