Scott Robinson (quadhome) wrote,
Scott Robinson
quadhome

Facebook Trojan Horse

(DO NOT visit the following URLs. They're for reference only.)

With the recent MySpace exploit that went around, I would have figured the social networking scene would be really sensitive to this. However, that is apparently not the case.

One of Facebook's advertisers is pushing a spyware trojan horse onto their users.

Specifically, they have accepted footer advertising through the Adoptium network. Inside the frame is some Javascript that tries to open popups to a variety of ill-behaved URLs like http://209.190.5.106/display/redo2.html and http://209.190.16.26/z/z.html.

If that fails, as it will in a web browser that isn't Internet Explorer, a variety of other fail-safe conditions occur. Honestly, I don't have the time of patience to explore them. The ending is, essentially, they'll try to upload http://209.190.5.106/jk/exp.wmf to your machine. This WMF file uses an "old" exploit to force an install of http://www3.adoptium.com/jk/loader.exe on to your computer.

And then you're fucked with spyware you can't be rid of.

UPDATE: They accepted advertising in http://ads.facebook.com/ads/247/728x90_fb.html from RealMedia. RealMedia hooks up with PrecisionClick. Twisty passages gets you to Adoptium.

It's not all Facebook's fault. They just wanted some money, and the advertisers of ill-repute apparently pay the best. What a shock.

UPDATE 2: noisybastard: So you're telling me visiting Facebook is now a lot like banging a sorority girl?
quadhome: Or your Mom, yeah.

Tags: spewing
Subscribe
  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 4 comments