Facebook under spam attack

Many Facebook users were tricked into executing malicious JavaScript in a major spam attack that has affected the site.

Facebook has been targeted in what the social networking giant has called a “coordinated spam attack”.

The attack resulted in the newsfeeds of many users being filled with spam content, including Photoshopped images of celebrities, such as Justin Bieber, in sexual situations; hardcore pornography; an image of an abused dog; and other instances of extreme violence.

Facebook says that during the attack, users were tricked into pasting and executing malicious JavaScript in their browser URL bar, causing them to unknowingly share the offensive content.

“Our engineers have been working diligently on this self-XSS vulnerability in the browser. We've built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit it.”

Facebook says it has also been putting those users who were affected through “educational checkpoints” in order to inform them about how to protect themselves.

“We've put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defences to find new ways to protect people,” said Facebook.

Family unfriendly

Senior technology consultant for Sophos Graham Curley wrote on the firm's blog yesterday: “Mischief-makers are upsetting many Facebook users and making the social networking site far from a family-friendly place.

“It's precisely this kind of problem which is likely to drive people away from the site. Facebook needs to get a handle on this problem quickly, and prevent it from happening on such a scale again.”

According to some reports from Facebook users, while the graphic content was posted to their walls, it was not visible to them and they were only alerted to the problem through their friends who could see the content in their newsfeeds.

Speculation that Anonymous was somehow linked to the attack has not been confirmed.

Lock down

Curley says the attack raises a concern for companies that allow their employees to use sites such as Facebook.

“What happens when hardcore pornographic and offensive content is being spread? Should companies block access to sites hosting offensive content?”

Sophos recommends that users check their privacy settings and lock down the ability of friends to tag them in posts and photos.

Many Facebook users have turned to Twitter to vent their anger over the spam. One user tweeted: “That awkward moment when your Facebook Newsfeed turned into a porn site.”

Another user said: “I'm considering deleting my Facebook because of all the porn/dead animals and babies. It's disgusting.”

Facebook recently caused a stir when it released figures that showed up to 600 000 accounts are potentially compromised every day. These accounts are “road-blocked” by Facebook if they are compromised by malicious software, or if the site is not confident that the account's true owner is accessing the account.

Malicious content and software are usually identified by an algorithm run by Facebook's security system that identifies irregularities. According to Facebook, only 4% of posts on the social network are spam.

Kathryn McConnachie
Digital Media Editor at ITWeb.