An application within Facebook known as FarmTown has been found to have a malicious advertisement that redirects users to fake antivirus software.
Facebook is the most popular social network with over 400 million users and it is the prime target for hackers to conduct malicious actions and even spread fake antivirus applications through malvertising. The latest malvertising scam to hit Facebook is a banner advertisement for greeting cards that is displayed through the Farm Town app in Facebook.
Farm Town, a popular gaming app in Facebook, has over 9 million users. Many users have reported of being redirected to multiple sites that advertise and sell what appears to be antivirus applications. Those applications were later found to be rogue anti-virus programs that are designed to extort money from unsuspecting computer users.
The malicious advertisements in Farm Town, as shown in figure 1. below, were bad Shockwave Flash adverts designed to redirect users from Facebook onto other domains that resulted in a web page being displayed that sells fake antivirus software.
Figure 1. – Malicious GreetingCards Flash Advertisement on Farm Town Facebook app.
Many of the malicious sites that users are redirected to initiate from the IP address 184.108.40.206 associated with several rogue domain names such as the following (do not visit):
Since these findings, the makers of Farm Town, SlashKey, has posted a notice on their website that the developers have been notified of this problem and advised users to avoid clicking on links within popup messages that warns you of a computer infection.
As with any type of fake antivirus or rogue anti-spyware application, it is suggested that it be removed with a spyware removal tool. Do you use the Farm Town Facebook app? Have you seen the GreetingCards advertisement (figure 1.) before?