Facebook under spam attack

Many Facebook users were tricked into executing malicious JavaScript in a major spam attack that has affected the site.

Facebook has been targeted in what the social networking giant has called a “coordinated spam attack”.

The attack resulted in the newsfeeds of many users being filled with spam content, including Photoshopped images of celebrities, such as Justin Bieber, in sexual situations; hardcore pornography; an image of an abused dog; and other instances of extreme violence.

Facebook says that during the attack, users were tricked into pasting and executing malicious JavaScript in their browser URL bar, causing them to unknowingly share the offensive content.

“Our engineers have been working diligently on this self-XSS vulnerability in the browser. We've built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit it.”

Facebook says it has also been putting those users who were affected through “educational checkpoints” in order to inform them about how to protect themselves.

“We've put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defences to find new ways to protect people,” said Facebook.

Family unfriendly

Senior technology consultant for Sophos Graham Curley wrote on the firm's blog yesterday: “Mischief-makers are upsetting many Facebook users and making the social networking site far from a family-friendly place.

“It's precisely this kind of problem which is likely to drive people away from the site. Facebook needs to get a handle on this problem quickly, and prevent it from happening on such a scale again.”

According to some reports from Facebook users, while the graphic content was posted to their walls, it was not visible to them and they were only alerted to the problem through their friends who could see the content in their newsfeeds.

Speculation that Anonymous was somehow linked to the attack has not been confirmed.

Lock down

Curley says the attack raises a concern for companies that allow their employees to use sites such as Facebook.

“What happens when hardcore pornographic and offensive content is being spread? Should companies block access to sites hosting offensive content?”

Sophos recommends that users check their privacy settings and lock down the ability of friends to tag them in posts and photos.

Many Facebook users have turned to Twitter to vent their anger over the spam. One user tweeted: “That awkward moment when your Facebook Newsfeed turned into a porn site.”

Another user said: “I'm considering deleting my Facebook because of all the porn/dead animals and babies. It's disgusting.”

Facebook recently caused a stir when it released figures that showed up to 600 000 accounts are potentially compromised every day. These accounts are “road-blocked” by Facebook if they are compromised by malicious software, or if the site is not confident that the account's true owner is accessing the account.

Malicious content and software are usually identified by an algorithm run by Facebook's security system that identifies irregularities. According to Facebook, only 4% of posts on the social network are spam.
