Scott Robinson (quadhome) wrote,
Scott Robinson
quadhome

Facebook Trojan Horse

(DO NOT visit the following URLs. They're for reference only.)

With the recent MySpace exploit that went around, I would have figured the social networking scene would be really sensitive to this. However, that is apparently not the case.

One of Facebook's advertisers is pushing a spyware trojan horse onto their users.

Specifically, they have accepted footer advertising through the Adoptium network. Inside the frame is some Javascript that tries to open popups to a variety of ill-behaved URLs like http://209.190.5.106/display/redo2.html and http://209.190.16.26/z/z.html.

If that fails, as it will in a web browser that isn't Internet Explorer, a variety of other fail-safe conditions occur. Honestly, I don't have the time of patience to explore them. The ending is, essentially, they'll try to upload http://209.190.5.106/jk/exp.wmf to your machine. This WMF file uses an "old" exploit to force an install of http://www3.adoptium.com/jk/loader.exe on to your computer.

And then you're fucked with spyware you can't be rid of.

UPDATE: They accepted advertising in http://ads.facebook.com/ads/247/728x90_fb.html from RealMedia. RealMedia hooks up with PrecisionClick. Twisty passages gets you to Adoptium.

It's not all Facebook's fault. They just wanted some money, and the advertisers of ill-repute apparently pay the best. What a shock.

UPDATE 2: noisybastard: So you're telling me visiting Facebook is now a lot like banging a sorority girl?
quadhome: Or your Mom, yeah.

Tags: spewing
Subscribe
  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

  • 4 comments