The Inquirer-Home

Facebook shuts off its porn spam flood

Normal service has resumed
Wed Nov 16 2011, 12:54

THE CIA'S PEOPLE DATABASE Facebook has managed to stop the spread of foul and disgusting images on its pages and is looking into shoring itself up so that it never happens again.

No one has claimed responsibility for the hacking, which suggests that there is no wider motive than spamming behind it, and security experts have said that it is unlikely to be the Fawkes virus that has recently attracted the attention of Anonymous.

George Lucian, a senior social media security researcher at Bitdefender, told The INQUIRER that the attack looked like a standard assault on Facebook rather than the more sophisticated kind that we might expect from Anonymous.

"Since this outbreak followed a relatively quiet period for Facebook threats, and considering the Anonymous video, we wondered if these are related to the Fawkes virus," he said.

However, he added, "These are ordinary scams and we believe Anonymous would use something more sophisticated. We expect the Fawkes virus to be something related to malware, and to have complex mechanisms. Of course, every Facebook scam in the following period may be related to that Anonymous video, but we've seen outbreaks like this in the past, and we are confident that this kind of threat will continue to exist on Facebook."

Yesterday, in a short statement, a spokesperson for the social network told us, "Facebook is aware of these reports and we are investigating the issue," but things have moved on since then and the firm has suggested that its users were the victims of a cross-site scripting vulnerability.

Facebook said in a post, "We experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible."

It further explained, "During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We've built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it."

Chester Wisniewski, a senior security advisor at security firm Sophos, pondered why the attack used the images that it did, and wondered if there was a motive behind it.

"The [big] question is what motivated the attackers to use this flaw in such a strange way? We investigate lots of Facebook scams here at Naked Security, and I would guess that nearly 100 per cent of them lead to some financial payout for the scammer," he said in a blog post.

"This seems to be a purely malicious act. Facebook has a reputation for maintaining a reasonably family friendly environment and most Facebook users don't expect dead dogs and penises showing up on their wall." µ


Comments
Quit...

Quit selling our information and you wouldn't have to worry about it Facebook.

posted by: myjuicemike, 17 November 2011
Change?

Didn't anyone ever notice, there were NEVER these problems when Facebook wasn't being changed every week? Now that it's constantly being "updated" viruses and hackers are leaking in.... Gee ya think maybe they will finally stop??

posted by: Summer, 17 November 2011
Back to usual?

So now it's boring old drivel again instead of offensive drivel. Lovely.

posted by: Morely the IT Guy, 17 November 2011