Facebook investigates wave of explicit spam

Discussion in 'malware problems & news' started by hawki, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Dec 17, 2008
    DC Metro Area
    Facebook is investigating a wave of spam containing hardcore pornography and violent images that has hit users’ News Feeds in the last 24 hours.

    The cause of the disturbing material is currently unknown, but spammers have previously used viruses and guessed passwords to take control of accounts.

    A spokesman for Facebook said that “protecting the people who use Facebook from spam and malicious content is a top priority”.

    “We are always working to improve our systems to isolate and remove material that violates our terms,” he said.

    “We have recently experienced an increase in reports and we are investigating and addressing the issue."

    According to users, the material includes pornographic scenes with celebrities such as Miley Cyrus and Justin Bieber digitally inserted, as well as images of mutilated animals.

    “It seems highly offensive spam content has successfully spread via Facebook for 24 hours or more,” said Graham Cluley of the security firm Sophos.

    “It's precisely this kind of problem which is likely to drive people away from the site. Facebook needs to get a handle on this problem quickly, and prevent it from happening on such a scale again.”

    Facebook’s terms and conditions forbid nudity.


    In a statement, Facebook spokesman Andrew Noyes acknowledged that the site was the target of a coordinated spam attack and explained how it went down.

    "During this spam attack, users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content," he said. "Our engineers have been working diligently on this self-XSS vulnerability in the browser."

    In the meantime, he said that Facebook has built enforcement mechanisms to quickly shut down the malicious pages. He also said the company has been putting people who were affected by the offensive spam through "educational checkpoints" so they know how to protect themselves in the future.

    The images were so graphic that it caused some people to say they were going to quit Facebook.

    "If I see another picture of a dead dog on facebook or anything else like that, I will probably delete my account," wrote Big_A22 (Aaron Lichtenwater).

    And Fustz (Thomas Morris) tweeted, "Dont really wanna go on facebook anymore, the dead dog made me sad."

    The next step for Facebook is figuring out who is behind the attacks. "We are now in the process of investigating to identify those responsible," Noyes said.


    Facebook explained in a statement that the spam attack was the result of a browser vulnerability that tricked users into running malicious script and sharing the content on their own profiles.

    Graham Cluley of the security company Sophos said on a company blog that he is hearing reports that users whose accounts post the images are unable to see them on their own news feeds.

    Another theory is that a splinter group of Anonymous made good on its threat to put out a virus to “take down Facebook,” in an attack planned for Guy Fawkes Day, Nov. 5, but there’s been no indication of that group taking credit for the attack.

  2. hawki

    hawki Registered Member

    Dec 17, 2008
    DC Metro Area
    16 November 2011 Last updated at 07:13 ET

    Facebook 'eliminates most of porn image spam attack'

    Facebook said it has rid its site of most of the pornographic and violent images posted as part of a spam attack.

    The social network blamed a browser vulnerability and said it was improving its systems to defend itself against similar attacks in the future.

    Thousands of the website's 800 million users have complained about the pictures over recent days.

    A source told the BBC that Facebook knew who was responsible - and it was not an Anonymous hacktivist.

    The firm is understood to be working with its legal department to take action against the suspected attacker.

    Browser exploit

    Facebook said the spam attack worked via a "self-XSS vulnerability in the browser".

    It added: "During this attack, users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content.

    "No user data or accounts were compromised during this attack."

    The firm said its engineers had built enforcement mechanisms to shut down malicious pages and accounts that attempt to exploit the vulnerability.

    It also offered the following advice to help guard against further attacks:

    Never copy and paste unknown code into the address bar
    Always use an up-to-date browser
    Use the report links on Facebook to flag suspicious behaviour or content on friends' accounts


    Facebook allows children above the age of 13 to be members, and polices a ban against inappropriate images.

    However, security experts said it was difficult for the firm to respond to this threat, bearing in mind it exploited a vulnerability in an unnamed web browser rather than the site itself.

    They also said that the attack was very unusual because most other scams on the social network are designed to deliver a financial payout.

    "This seems to be a purely malicious act. Facebook has a reputation for maintaining a reasonably family-friendly environment," wrote Chester Wisniewski, a senior security advisor at Sophos, on his company's blog.

    "Hopefully whichever browser it is that has the flaw will provide a fix ASAP, but as we know most people are slow to apply updates regardless of which browser they use (except Chrome)."

    "The flaw being exploited could likely be used against other sites as well if users can be tricked into pasting malicious javascript into the browser."

  3. Hungry Man

    Hungry Man Registered Member

    May 11, 2011
    For this reason Chrome no longer allows you to copy/paste javascript into the URL bar. If you do, it'll google the script. You have to first write out "javascript:" and then paste it.
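    As an added example (not code from this thread, from Facebook, or from any browser vendor), here is a small JavaScript model of the address-bar mitigation Hungry Man describes: pasted text that carries a "javascript:" scheme is never navigated to; the scheme is dropped and the remainder is handled as a plain search query, so only text the user types by hand can reach the script handler. The function names normalizeUrlInput, extractScheme and classifyPaste, the navigable-scheme list and the sample pastes are my own construction. The normalisation step mirrors what modern browsers do when parsing URL input (tabs and newlines removed anywhere, C0 controls and spaces trimmed at the ends), which is why a naive prefix check that skips it would still let a disguised scheme through.

```javascript
// Added example: a model of the "strip javascript: on paste" mitigation.
// Not the code of any real browser; names and samples are constructed.

// Schemes the address bar will load directly (assumed minimal list).
const NAVIGABLE_SCHEMES = new Set(['http', 'https', 'ftp', 'file']);

// Browsers that follow the WHATWG URL parser remove ASCII tab, LF and CR
// anywhere in the input and trim leading/trailing C0 controls and spaces
// before reading the scheme, so "java\tscript:..." is still a javascript:
// URL to the browser. A defensive check must normalise the same way first.
function normalizeUrlInput(text) {
  return String(text)
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
}

// Returns the scheme in lower case, or null when the input has none.
function extractScheme(normalized) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(normalized);
  return m ? m[1].toLowerCase() : null;
}

// Decide what the address bar should do with pasted text.
//   { action: 'navigate', text }                 - an ordinary URL, load it
//   { action: 'search', text, strippedScheme }   - treat as a query only
function classifyPaste(pasted) {
  const normalized = normalizeUrlInput(pasted);
  const scheme = extractScheme(normalized);

  if (scheme === 'javascript') {
    // Drop the scheme: whatever follows can now only ever be a search query.
    const body = normalized.slice(normalized.indexOf(':') + 1);
    return { action: 'search', text: body, strippedScheme: true };
  }
  if (scheme !== null && NAVIGABLE_SCHEMES.has(scheme)) {
    return { action: 'navigate', text: normalized, strippedScheme: false };
  }
  // A bare host name such as example.com/help is loaded over http;
  // anything else (including unknown schemes) becomes a search.
  if (scheme === null && /^[a-z0-9-]+(\.[a-z0-9-]+)+(\/\S*)?$/i.test(normalized)) {
    return { action: 'navigate', text: 'http://' + normalized, strippedScheme: false };
  }
  return { action: 'search', text: normalized, strippedScheme: false };
}

// Constructed sample pastes (not taken from the attack) for a quick demo.
const SAMPLE_PASTES = [
  'https://www.facebook.com/',
  'javascript:alert(1)',
  ' JAVAscript:alert(1)',
  'java\tscript:alert(1)',
  'example.com/help',
  'how to report spam on facebook',
];

for (const s of SAMPLE_PASTES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(classifyPaste(s)));
}
```

    In a real browser the equivalent logic sits on the omnibox's paste handler rather than on a page; a site cannot enforce it for its users, which is why the thread's advice (never paste unknown code into the address bar, keep the browser current) remains the practical defence against self-XSS.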
  4. Dermot7

    Dermot7 Registered Member

    Dec 20, 2009
    Surrey, England.
    "Facebook: Anatomy of Self-Inflicted Javascript Injection" : http://research.zscaler.com/2011/11/facebook-anatomy-of-self-inflicted.html

  5. MrBrian

    MrBrian Registered Member

    Feb 24, 2008
    From the article in the last post: