Facebook has identified the people responsible for the spam attack on the social network that saw newsfeeds inundated with explicit and violent content.
In a statement issued yesterday, a Facebook spokesperson said: “In addition to the engineering teams that build tools to block spam, we also have a dedicated enforcement team that has already identified those responsible and is working with our legal team to ensure appropriate consequences follow.”
The social network would not elaborate on exactly what action will be taken against the perpetrators, or release any details of their identity.
Chester Wisniewski, senior security advisor at Sophos, explains that the attackers exploited a browser vulnerability that allows “self-XSS”.
“XSS is shorthand in security circles for cross-site scripting,” says Wisniewski.
“Cross-site scripting essentially allows an attacker to execute JavaScript code in your browser that can access and control the Web site you are interacting with.”
According to Facebook, users were tricked into copying and pasting malicious JavaScript into their URL bar.
“Considering that the flaw is not within Facebook's Web site, it appears to have been rather difficult for them to respond to this threat,” notes Wisniewski.
Facebook is reportedly working on the ability to quickly identify behaviour patterns on people's accounts when they have been hacked, and to delete malicious changes.
ZDNet reports that three months ago, notorious spammer Sanford Wallace surrendered to the FBI after being indicted by a federal grand jury for spamming Facebook. It took Facebook two years to catch him.
Facebook has not released any details about the scope of the most recent attack or which browsers were affected.

