Another Facebook application, Family Link, has been hit by malicious greeting card advertisements that carry malware and are virtually identical to the one we reported on Facebook's Farm Town app.
Similar to the malicious advert on Farm Town, the advertisement found on the Family Link application (Figure 1 below) redirects users to a malicious site. The malicious GreetingCards.com ad found in 'Family Link', which was first reported on msmvps.com/blog/spywaresucks, contains embedded code with several different URLs, one of which points to an SWF file. SWF stands for "Small Web Format"; these files are also known as "Shockwave Flash" files. They can easily include instructions that redirect a computer user's system to a malicious site or prompt the download of malware.
Figure 1. 'Family Link' Facebook App Fake GreetingCards.com Ad
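The following added example, which is not from the original report, shows how an analyst could check an SWF taken from an ad for the redirect behaviour described above: it walks the file's tags, flags those that carry script, and lists the URLs passed to ActionScript GetURL actions. The function names, the sample file and its redirect.example.invalid URL are constructed for illustration; LZMA-compressed (ZWS) files are not handled, and ActionScript 3 (DoABC) tags are only flagged, not decoded.

```python
import struct
import zlib

SCRIPT_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC"}  # tags that carry script

def iter_tags(body):
    nbits = body[0] >> 3                   # RECT: 5-bit field width, then 4 fields
    pos = (5 + 4 * nbits + 7) // 8 + 4     # skip RECT, frame rate (2), frame count (2)
    while pos + 2 <= len(body):
        (hdr,) = struct.unpack_from("<H", body, pos)
        code, length, pos = hdr >> 6, hdr & 0x3F, pos + 2
        if length == 0x3F:                 # long form: a 32-bit length follows
            (length,) = struct.unpack_from("<I", body, pos)
            pos += 4
        yield code, body[pos:pos + length]
        if code == 0:                      # End tag
            return
        pos += length

def get_url_targets(actions):
    urls, pos = [], 0
    while pos < len(actions) and actions[pos] != 0:
        code, pos = actions[pos], pos + 1
        if code >= 0x80:                   # codes >= 0x80 carry a length-prefixed payload
            (length,) = struct.unpack_from("<H", actions, pos)
            payload, pos = actions[pos + 2:pos + 2 + length], pos + 2 + length
            if code == 0x83:               # GetURL: URL string, then target string
                urls.append(payload.split(b"\x00")[0].decode("latin-1"))
    return urls

def triage(data):
    sig, version, _ = struct.unpack("<3sBI", data[:8])  # signature, version, length
    if sig not in (b"FWS", b"CWS"):
        raise ValueError("not an FWS/CWS file")
    body = zlib.decompress(data[8:]) if sig == b"CWS" else data[8:]
    report = {"version": version, "script_tags": [], "urls": []}
    for code, payload in iter_tags(body):
        if code in SCRIPT_TAGS:
            report["script_tags"].append(SCRIPT_TAGS[code])
        if code == 12:
            report["urls"] += get_url_targets(payload)
    return report

def build_sample():  # constructed input: minimal CWS file with one GetURL action
    args = b"http://redirect.example.invalid/landing\x00_top\x00"
    actions = b"\x83" + struct.pack("<H", len(args)) + args + b"\x00"
    body = b"\x00\x00\x0c\x01\x00" + struct.pack("<HI", 12 << 6 | 0x3F, len(actions)) + actions + b"\x00\x00"
    return b"CWS" + struct.pack("<BI", 8, 8 + len(body)) + zlib.compress(body)
```

Calling `triage(build_sample())` returns the file version, the script-bearing tags found and the GetURL destinations, which can then be compared against the advertiser's expected domains.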
The Family Link Facebook application is the fifth most popular Facebook application, which means millions of computer users could be at risk if they use the Family Link application and are served the fake GreetingCards.com advertisement. Also, the malvertising scam does not affect Australian computer users at this time.
Because this new campaign is similar to the malicious GreetingCards.com advertisement found on Facebook's Farm Town App, it is likely to automatically install a rogue application or download other harmful malware, provided that the embedded URLs are still active.
We could very well be witnessing a new epidemic of attacks on Facebook applications much like how the treacherous Koobface worm was spread through video links on social network users' profiles. This new malware distribution campaign can also be compared to previous malvertising scams such as when popular gadget blog Gizmodo was victimized by fake ads that redirected users to malware. Hackers will do whatever it takes to find new and creative ways to spread malware and ultimately sell fake security applications through those infections.
Popular Facebook applications such as Farm Town and Family Link have millions of users; therefore, the potential of infecting millions of computers with malicious advertisements is extremely high. We can only stress that Facebook users should use caution when using applications on Facebook and keep their anti-virus or anti-spyware applications up to date.