Facebook Porn Attack Caused By Browser Vulnerability


Recently we reported on the Facebook spam attack that posted pornographic content on users’ walls without their knowledge. There is no information regarding who was behind this attack; however, all fingers are being pointed at the hacktivist group Anonymous.

Now, Facebook acknowledges that the latest spam attack was the result of a browser vulnerability, and not the work of the hacker group Anonymous. It was said that the people behind the attack exploited a browser vulnerability that allows “self-XSS”. XSS is shorthand in security circles for cross-site scripting.

Cross-site scripting enables hackers and scammers to execute JavaScript code in your browser that can access and take full control of the website you are interacting with, which in this case is Facebook. The Facebook team states that users were tricked into copying and pasting malicious JavaScript code into their browser, which triggered the script to automatically post such content on their wall.

Scammers generally trick users by hiding the “like” button behind an image, such as a picture of an embedded YouTube video with a play button. However, the latest attack was conducted using a different method that many users are not familiar with – self-inflicted JavaScript injection. The mechanism and how the process was carried out have been explained by Zscaler ThreatLabZ Senior Security Researcher Mike Geide.

Here’s the latest statement issued by Facebook on the spam attack:

    “Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.

    During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”
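
The statement above describes users pasting JavaScript into the browser URL bar. As an added example (not code from Facebook, any browser vendor, or the original article), here is one way an address-bar-like input could refuse to treat pasted `javascript:` text as script; the function names and sample strings are constructed for illustration.

```javascript
// Added example: screen text pasted into an address-bar-like input.
// All names and sample strings below are constructed for illustration.

// URL parsers ignore leading/trailing control characters and spaces, and drop
// tabs and newlines anywhere, so remove them before looking for a scheme.
function normalizeForSchemeCheck(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Return the lowercased URL scheme at the start of the text, or null.
function schemeOf(text) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(normalizeForSchemeCheck(text));
  return m ? m[1].toLowerCase() : null;
}

// Strip every leading "javascript:" prefix so the remainder is treated as
// plain text (a search query, say) instead of script run in the open page.
function screenPastedText(text) {
  let remaining = normalizeForSchemeCheck(text);
  let stripped = 0;
  while (schemeOf(remaining) === "javascript") {
    remaining = normalizeForSchemeCheck(remaining.slice(remaining.indexOf(":") + 1));
    stripped += 1;
  }
  return { blocked: stripped > 0, strippedPrefixes: stripped, safeText: remaining };
}

// Constructed sample pastes; the script bodies are harmless placeholders.
const samples = [
  "https://www.facebook.com/",
  "javascript:alert(1)",
  "  JaVa\tScRiPt:javascript:void(0)",
  "how to use javascript: a guide",
];

for (const s of samples) {
  const r = screenPastedText(s);
  console.log(JSON.stringify(s), "->", r.blocked ? "blocked" : "allowed", JSON.stringify(r.safeText));
}
```

Matching on the normalized scheme rather than the literal string `javascript:` is what catches mixed case, padding, and repeated prefixes, while ordinary text that merely contains the word is left alone.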


Please make sure that you DO NOT blindly click on any links that are shared on Facebook. This also applies to links shared by the friends you trust the most. As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. In addition to that, don’t forget to check our article about Avoiding Facebook Likejacking and Clickjacking scams.
