All the latest UK technology news, reviews and analysis


Facebook finds culprit behind porn spam attack

16 Nov 2011
Facebook home page

Facebook has identified the group or individual responsible for the attack on its systems that spammed users with porn and violent images earlier this week.

Facebook said that the attack "exploited a browser vulnerability" to spread the images in news feeds and wall pages.

The content was spread unknowingly when people were tricked into copying and pasting malicious JavaScript into their browsers.

No Facebook accounts were compromised or accessed during the spam attack, according to Facebook.

The social site has determined who was behind the attack and is working with legal enforcement agencies on the matter, but declined to share these details with the public at this time.

However, Facebook has ruled out hacking group Anonymous, which early reports had suggested could be responsible.

Sophos Canada senior security advisor Chester Wisniewski said in a blog post that Facebook users probably pasted the JavaScript into their browser because they thought they may have won a prize.

Wisniewski explained that the attack is particularly difficult to circumvent because the flaw is related to a browser rather than the Facebook site.

However, Wisniewski questioned why Facebook was attacked in such a way, as attackers generally use flaws for financial gain rather than what appears to be a "purely malicious act".

Sophos UK senior technology consultant Graham Cluley added in a blog post that the attack had the potential to damage the social network's reputation.

"It's precisely this kind of problem which is likely to drive people away from the site. Facebook needs to get a handle on this problem quickly, and prevent it from happening on such a scale again," he said.

Facebook claimed that most of the spam has already been eliminated, and that the company is working to improve its systems to better defend against similar attacks.

"Our engineers have been working diligently on this self-XSS vulnerability in the browser. We've built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit it," said a spokesman.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
More on Social Networking
What do you think?
blog comments powered by Disqus
Poll

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?
10%
9%
3%
64%
14%

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Experienced Project Manager

Our award winning and highly successful client is seeking...

Experienced Project Manager

Our award winning and highly successful client is seeking...

Experienced Project Manager

Our award winning and highly successful client is seeking...

Experienced Project Manager

Our award winning and highly successful client is seeking...
To send to more than one email address, simply separate each address with a comma.