Farm Town virus warning: Malvertising at work?

Filed Under: Facebook, Malware, Social networks

Farm Town
Players of the online game Farm Town are being warned to be on their guard for malicious adverts that display fake security warnings in an attempt to dupe unsuspecting users into installing malicious code or handing over their credit card details.

SlashKey, the developers of the game which has over 9.6 million monthly active users on Facebook, has posted a warning on its forum advising players to be wary of warnings that suddenly pop-up telling them that their computer is infected:

If you suddenly get a warning that your computer is infected with viruses and you MUST run this scan now, DO NOT CLICK ON THE LINK, CLOSE THE WINDOW IMMEDIATELY. You should then run a full scan with your antivirus program to ensure that any stray parts of this malware are caught and quarantined.

If you do research on many of these spyware programs you will also find a myriad of sites proclaiming they are the only ones who can rid you of these programs. This is not true and on a personal level I urge you to use great caution as some of these so called wonder cures are as much of a scam as the malware you are trying to remove.

Hundreds of Farm Town players have responded on the forum, saying that they have been on the receiving end of the attack - but the worry is that many many more users may not have seen the warning and could have been tricked by the fake anti-virus warnings into infecting their computers or handing over personal information.

Farm Town virus warning

It appears that the problem is related to the third-party advertising that Farm Town displays underneath its playing window. In all likelihood, hackers have managed to poison some of the adverts that are being served to Farm Town by the outside advert provider.

Such malicious advertising (or malvertising as it is known) has been the vector for other infections in the past, including attacks against the readers of the New York Times and Gizmodo.

What makes this attack all the more serious, of course, is the sheer number of people that regularly play Farm Town, and that - in all likelihood - they might not be as tech-savvy as the typical Gizmodo reader, and thus more vulnerable to falling for the hackers' scam.

Farm Town gameplay

Rather than SlashKey simply asking its players to report offending adverts when they appear, it might be sensible for the company to disable third-party adverts appearing alongside Farm Town until the problem is fixed.

It may not be Farm Town's fault that a third-party advertising network is serving up malicious ads, but doing anything less is surely showing a careless disregard for the safety of its players.

Until the makers of Farm Town resolve the problem of malicious adverts, my advice to its fans would be to stop playing the game and ensure that their computer is properly defended with up-to-date security software. If you do feel you have to play Farm Town then it might be wise to disable adverts in your browser (for instance, using an add-on such as Adblock Plus on Firefox).

By the way, if you are on Facebook and want to keep yourself informed about the latest security news you may want to become a Fan of Sophos on Facebook.

, , , , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.