October 14, 2009, 9:33 PM — A number of Facebook applications, including one called CityFireDepartment, has been hacked and tries to attack site visitors' computers via unpatched Adobe software vulnerabilities, a researcher says.
Hacked Facebook accounts are not unusual but "this is the first time I've seen Facebook applications hacked," says Roger Thompson, chief research officer at AVG, who said the firm traced back several hacked Facebook applications to a Russian site which appears to be taking advantage of the compromised Facebook applications to launch attacks against victims' computers based on unpatched Adobe software vulnerabilities.
In addition to CityFireDepartment, which AVG is cautioning Facebook users not to visit until "it's cleaned up," Thompson says. Other compromised Facebook applications also include MyGirlySpace, Ferraritone, Mashpro, Mynameis, Pass-it-on, Fillinthe and Aquariumlife, he says.
The attack "uses an Adobe exploit, and if you're not patched, it's installing the exploit, initially rogue antispyware but probably also a Trojan," Thompson says. AVG has informed Facebook directly about AVG's findings but he noted it's not simple to identify who maintains each of the Facebook applications.
Thompson has chronicled AVG's findings in a blog item. The attack site, which appears to be in Russia, may also be associated with several other Web-based attacks, he adds.