Facebook identifies porn spam perpetrators

Facebook said it has identified many of those responsible for a wave of pornographic content that showed up on users' news feeds this week.

Those behind the coordinated spam attack, which began on Monday, leveraged a cross-site scripting (XSS) web browser vulnerability to flood Facebook news feeds with explicit and pornographic material, including images depicting acts of violence, self-mutilation and bestiality. The attackers managed to trick users into pasting and executing malicious JavaScript in their web browser URL bar, causing them to unknowingly share the offensive content, Facebook said in a statement sent to SCMagazineUS.com.

No user accounts or data were compromised during the attack.

The social media giant is “pursuing the appropriate action” against those responsible for the campaign, a Facebook spokesman told SCMagazineUS.com on Friday. He declined to provide any additional details.

Facebook described the issue as a “self-XSS,” meaning users themselves had to execute the code needed to launch the attacks, as opposed to a traditional XSS attack, which involves malicious code being injected directly into a website. Users may have been told to paste the code into their browser to win some type of prize or sweepstakes, Chester Wisniewski, senior security adviser at security firm Sophos, wrote in a blog post Wednesday.
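A site cannot see what a user pastes into the browser's own address bar, but the same kind of bait can be recognised where a site does control input. The following is an added example, not code from the article or from Facebook: a paste guard for a hypothetical "share a link" field that normalises the text the way browsers normalise URLs before checking for a `javascript:` scheme, so that the spacing and case tricks a naive prefix check misses are still flagged. The sample inputs are constructed.

```javascript
// Added example (not from the article or Facebook): a defensive check a site can
// run on text pasted into its own "share a link" field, to warn the user when the
// text is a javascript: URL of the kind self-XSS bait relies on.

function normalizeUrlInput(text) {
  // Browsers' URL parsers strip leading and trailing C0 controls and spaces ...
  let s = text.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
  // ... and drop ASCII tab and newline anywhere in the input, so a scheme split
  // by a tab still parses as a scheme. The guard must do the same.
  s = s.replace(/[\t\n\r]/g, "");
  return s;
}

function isJavascriptUrl(text) {
  // The scheme is matched case-insensitively, as the URL parser does.
  return /^javascript:/i.test(normalizeUrlInput(text));
}

// Constructed sample inputs: three bait-style strings and two benign links.
const SAMPLES = [
  "javascript:alert(1)",
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "https://example.com/page",
  "mailto:someone@example.com",
];

function classifySamples(samples) {
  return samples.map((s) => ({ input: s, javascriptUrl: isJavascriptUrl(s) }));
}

// Paste handler for the hypothetical share-link field. It receives the pasted
// text and a warn() callback; it returns false (and warns) when the paste is
// refused, true when the text is allowed through.
function guardPaste(pastedText, warn) {
  if (isJavascriptUrl(pastedText)) {
    warn("This looks like code, not a link. Never paste code someone sent you into your browser.");
    return false;
  }
  return true;
}
```

In a page, `guardPaste` would be called from the field's `paste` event with `event.clipboardData.getData("text")`, calling `event.preventDefault()` when it returns false.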

“Considering that the flaw is not within Facebook's website, it appears to have been rather difficult for them to respond to this threat,” Wisniewski added.

It is not known which web browser is vulnerable. Until it is fixed, the same flaw could potentially be used in attacks against other sites, he warned.

Facebook, meanwhile, said it has put in place mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit the flaw, and is providing security education to affected users. As well, it has put in place back-end measures to reduce the rate of such attacks.

By now, most of the offensive spam has been eliminated. Facebook said it is working to improve its systems to prevent a similar attack from recurring.

Many users this week took to Twitter to express their frustration over the explicit content. Some users said they were planning to deactivate their accounts over the issue. 

“Seeing a dead dog on my Facebook newsfeed,” one user wrote in a Tweet. “Officially deactivating it.”

Some have speculated that the hacktivist collective Anonymous is behind the attack, though the group has not taken credit for it.
