Facebook's Farm Town hit by scareware advert attack

April 12, 2010 Sophos Press Release

IT security and data protection firm Sophos is warning players of the popular Facebook game "Farm Town" to scan their computers after it was revealed that the site has been delivering adverts laced with malware.

According to a statement on the website of "Farm Town" developers SlashKey, third-party adverts appearing alongside the game's window are putting users at risk of infection through fake anti-virus alerts, designed to scam users out of their credit card details.

Fake anti-virus software (also known as scareware) attempts to frighten users into believing that their computer is infected with viruses and Trojan horses by displaying bogus alerts, and then tricks unsuspecting surfers into making an unsafe purchase to remedy the "problem". Hundreds of Farm Town users have reported problems over the weekend, but Sophos warns that many others may be unaware that they have fallen foul of the attack.

"Farm Town has over 9.6 million monthly players on Facebook, and poisoned adverts appear to be trickling onto their PCs from a third-party advertising network," said Graham Cluley, senior technology consultant at Sophos. "Players of games like Farm Town are not all geeks, and might easily fall hard and fast for a bogus security warning - straight into the hands of hackers."

Sophos believes that SlashKey should make its players' security, rather than its advertising revenue, its top priority.

"Rather than SlashKey simply asking its players to report offending adverts when they appear, the company should disable third-party Farm Town adverts until the problem is fixed," added Cluley. "Doing anything less is surely showing a careless disregard for the safety of its players. Until the makers of Farm Town resolve the problem of malicious adverts, my advice to its fans would be to stop playing the game and ensure that their computer is properly defended with up-to-date security software."

[Image: Farm Town virus warning]

Sophos advises that both consumers and businesses need to keep their wits about them to avoid scareware attacks.

"It's essential that computer security is kept up-to-date and that every webpage is checked for dangerous code and links," continued Cluley. "Third-party advertising networks need to do a much better job of thoroughly checking that the ads they are carrying are not polluted with malware."

Sophos notes that this is not the first time that hackers have managed to infect a high-profile website with significant traffic. For instance, last year the New York Times suffered from a similar attack after a gang of hackers purchased ad space posing as a legitimate internet telephone company. Visitors to the New York Times website who were served the poisoned advert saw pop-up messages warning them that their computer had been infected, and urging them to install scareware.

"Scareware attacks like this are on the rise for one simple reason - they work. Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus software, making cash for unscrupulous hackers," explained Cluley.