Without giving much detail, Trend Micro has encountered a drive-by download attack on Facebook. These attacks can infect a computer simply because the user visits a page specially designed for that purpose: when the user opens the page, various exploits run that search for vulnerabilities in the browser and its add-ons, and when they find one they can download malware automatically and without the user noticing.
Well, what TM researchers have detected is a Facebook app with malicious ads that redirect to a page that exploits known Java and ActiveX vulnerabilities. This is the image they have posted on their blog to explain the attack in a simple way:
I recently commented that iframes on application pages were being used to steal passwords and promote fake antivirus software; this happens because anything can be loaded in an iframe. But in this case the problem seems to be in the advertising platform used by the application: the attackers somehow managed to sneak in their ads, which could be showing on thousands of pages, including legitimate ones.
How to protect yourself from these attacks?
As I always comment, common sense is essential: many attacks are avoided by taking care with what is installed, accepted or downloaded from the internet. On the other hand, an updated antivirus always helps, although it will not always stop these attacks. It is also very important to keep the operating system, browser and all its add-ons updated.
This attack exploits Java vulnerabilities that were patched in 2010 and an ActiveX problem that has been known since 2006; if the computer is updated, 99% of exploits can do nothing.
Firefox users can have extra protection by using the NoScript extension, which blocks all scripts on pages and lets users enable them only for the sites they consider safe or reliable.