Wednesday, November 16, 2011

Facebook Hit By Coordinated Attack Spreading Pornographic & Violent Images, Videos and Links

Facebook IconWere you among the countless unlucky Facebook members that had their newsfeeds flooded with inappropriate images over the last few days?

According to Facebook, you have nobody to blame but yourselves – and maybe your friends.

Earlier this week, complaints began rolling in about violent and sexually explicit images, links and videos overwhelming user’s news feeds. Some Facebookers claimed that they’d mysteriously liked inappropriate content, sent/received suspicious chat and direct messages, or were tagged in disturbing images by their Facebook pals.

Facebook has since investigated the issue and found the root of the problem, which turned out to be a spam attack fueled by users pasting malicious JavaScript code into their browser bar.

Although it’s not clear who originally conjured up the poisonous code that was eventually shared with gullible users, the ultimate problem lies with the curiosity that drives folks into clicking – or in this case, copying and pasting – items that they shouldn’t.

A Facebook spokesperson released the following statement:
Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.

During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.

Many have speculated that the hacktivist group, Anonymous is behind the attack. Earlier this year, rumors surfaced that Anonymous was going to attack the popular social networking site and bring it down on November 5th, 2011 in celebration of Guy Fawkes Day. However, that turned out to be nothing more than hot air as the 5th came and passed without any signs of an attack – until now.

Either way, Facebook claims to have identified who is behind the attack and intends on seeing them in court. Let’s hope they bring the evil-doers to justice!

It's still up to you users to stop clicking those "special offers" and crazy video links, though. Curiosity is a dangerous thing.

Photo Credit: mfinleydesigns

Be sure to follow us on Twitter @hyphenet and “Like” us on Facebook for the latest tech news and PC security threats. You know you want to.

No comments:

Post a Comment