Facebook Porn Attack Caused By Browser Vulnerability

Recently we reported about the Facebook spam attack that posted porn contents on the users’ wall without their knowledge. There is no information regarding who was behind this attack, however, all fingers are being pointed out towards the hacktivist group Anonymous.

Now, Facebook acknowledges that the latest spam attack was a result of a browser, and not the hacker group Anonymous. It was said that the people behind the attack exploited a browser vulnerability that allows “self-XSS”. XSS is shorthand in security circles for cross-site scripting.Facebook Security

Cross-site scripting enables hackers and scammers to execute a JavaScript code in your browser that can access and take full control of the website you are interacting with, which in this case is Facebook. The Facebook team states that users were tricked to copy-paste malicious JavaScript code into their browser, which triggered the script to automatically post such content on their wall.

Scammers generally trick users by hiding the “like” button behind an image, such as a picture of an embedded YouTube video with a play button. However, the latest attack was conducted using a different method that many users are not familiar with – self-inflicted JavaScript injection. The mechanism and how the process was carried out has been explained by Zscaler ThreatLabZ Senior Security Researcher Mike Geide.

Here’s the latest statement issued by Facebook on the spam attack -

    “Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.

    During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”

Please make sure that you DO NOT blindly click on any links that are shared on Facebook. This also applies to the links that are shared by your friend whom you trust the most. As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. In addition to that, don’t forget to check our article about Avoiding Facebook Likejacking and Clickjacking scams.

Read More >>

Porn Content on Your Facebook News Feed

An increasing number of users on Facebook are reporting that their news feed has been flooded with pornography and explicit content, and rumours indicate that the Anonymous hacktivist and its rumoured Fawkes virus could be responsible for this barrage of offensive images.

The spread of such content started a few days ago, and now has become viral across the social network, making its users angry and disgusted. It’s not just the general users who have been affected by this bombardment, but celebrities like actress and director, Courtney Zito as well. She told The Christian Post, “I have 5000 friends. My feed is littered with porn. I can’t even check my news feed with anyone around because of it.”

All Facebook notes that this isn’t the first time Facebook is being affected by such a thing. A similar exploit happened last year in August 2010, where photos were being shared across users’ wall without their knowledge.

I haven’t noticed anything as such on my Timeline or have heard of any complaints from my friends. However, searching on Twitter for the term “facebook porn” shows a list of complaints from users who have been affected. They are also indicating that they will be temporarily deactivating their account until the issue has been resolved.

Facebook is yet to issue a statement about this exploit. Although all fingers are pointing out to Anonymous, it is still unclear on who is behind this attack. The reason why Anonymous is put at blame is because the hacktivist made threats against the social networking giant in August since it lacked privacy that users want on it. The group indicated that they would “kill” Facebook on November 5, but there wasn’t any such activity that took place that day.

Recently we posted about a scam that has been spreading on Facebook – “98 Percent of People Can’t Watch This Video for More Than 15 Seconds” attracting a lot of “likes” and “shares”, which is also spreading through Facebook Messages. A quick search on Google showed a list of blogs who stating that the above mentioned message is a scam and users should avoid clicking on it.

Users are also posting the following warning message on Facebook –

ATTENTION!!!

    The hackers have already entered in Facebook and they are putting unwanted videos or pictures to your name in the walls or profiles of your friends without you knowing it. You dont see it,,but other people can see it. As if these were a publication that you made…so if you receive something from me about a video, ..its not mine..i wouldn’t disrespect my friends in anyway !copy this on your wall it is the security of our own image.
In the meantime, if you see any content which you think you might have not shared, then I recommended you to reset your Facebook password. Chances are that your account must be hacked. Alternatively, you can go through this guide that I wrote some time back which will guide you on how you can prevent your Facebook account from getting hacked.

We have compiled a list of Most Actively Spreading Scams on Facebook that you might want to have a look at. In addition to that, don’t forget to check out our article about Avoiding Facebook Likejacking and Clickjacking scams. Here’s an article on how you can Identify and Avoid Facebook scams.

Read More >>

Facebook Scam: 98 % of People Can’t Watch This Video for More Than 15 Seconds

A new scam is underway on Facebook which claims to show a video and assumes that 98 percent of users won’t be able to watch it for more than 25 seconds. The scam is spreading across the social network giant – Facebook with the following title – “98 Percent of People Can’t Watch This Video for More Than 15 Seconds” and a message that reads – “CLICK LINK TO WATCH VIDEO & SEE HOW LONG YOU CAN LAST!”

A scam that we reported earlier in June had a similar title – “99% People Can’t See This Video For More Than 25 Seconds Facebook Scam.”

This is a spam message that is spreading on Facebook with a link that leads to a bogus page upon click it, where you will notice a fake video player. You are asked to share the message before you can watch the video, after which you will be shown the following video -

Sometimes, after having shared the video, you will be redirected another spam website where you will be asked to complete a set of online surveys.

You can notice that the link has been shared more than 5,000 users, which itself indicates that the scam is rapidly spreading on Facebook. It is recommended that you DO NOT click on such links or scam messages on Facebook. If you come across this scam message, please delete/remove the scam from your Facebook news feed immediately. Alternately, you can report the scam to Facebook Security.

With over 800 million users on Facebook, the social networking giant has always been a main target for spreading scams. It is quite difficult to identify scams on Facebook. Here is a post on How to Identify and Avoid Facebook Scams.

As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. In addition to that, don’t forget to check out our article about Avoiding Facebook Likejacking and Clickjacking scams.

Read More >>