San Francisco — As the popular social-networking outfit is growing, so does its enemies under wraps. Facebook users on Tuesday have been drastically assaulted by a wave of pornographic and violent images, pushed into their accounts as content supposedly liked or recommended by their friends.
Are you noticing any pornographic or violent images on your Facebook news feed? Users of the social media outfit began complaining that Facebook had turned into a porn site — claiming that their news feeds were flooded with hardcore images of sex and violence. The social networking giant warned its users not to download any applications without checking them out first after news of the nasty act appeared.
Surprisingly, The attack, which seems to have erupted towards the end of last week, saw the time-lines of many Facebook users deluded with graphic images of pornography and gory images of animal abuse started appearing. The images were popping up on people’s feeds, claiming to have been posted by friends — although people had no idea that they were propagating the content.
While this happens from time to time as users fall prey to clickjacking scams, for example, the scale of the recent attack has led Facebook to re-evaluate the safeguards it has in place. Facebook said it is investigating its security after a pornographic spam attack that apparently exploited a browser vulnerability.
“Recently, we experienced a spam attack that misused a browser vulnerability,” the company said in a statement on Tuesday. “Our team responded quickly and we have eliminated most of the spam caused by this attack. We are now working to improve our systems to better defend against similar attacks in the future.”
According to security firm Sophos, the social-networking site has been drenched in objectionable material over the past 24 hours.
“Explicit and violent images have flooded the newsfeeds of many Facebook users in the last 24 hours or so,” security consultant Graham Cluley wrote in a blog post. “The content, which consists of explicit hardcore porn images, photoshopped photos of celebrities such as Justin Bieber in sexual situations, pictures of extreme violence and even a photograph of an abused dog, have been distributed via the site–seemingly without the knowledge of users.”
As Cluley noted, offended Facebook users have taken to Twitter to express their frustrations, with some saying they will deactivate their Facebook accounts.
Facebook confirmed that it had been hit with “a organized spam attack that exploited a browser vulnerability,” says Facebook spokesman Andrew Noyes.
“Our efforts have greatly reduced the damage caused by this attack, and we are now in the process of investigating to identify those responsible,” a Facebook spokesman said.
Furthermore, such well organized attacks utilizes Facebook systems to swiftly push malign content all across the social media network, says Mike Geide, senior researcher at security firm Zscaler. Similar trickery occurred when Osama bin Laden was killed: Hackers distributed messages to Facebook members luring them to cut and paste coding into their browser address bar to see a video of bin Laden’s body.
The bad guys in that case misused into Facebook’s systems to push spam advertisements virally to the victims’ friends and friends of friends. The spammers got paid every time someone clicked on the ad.
Noyes further stated that Facebook users were “tricked into pasting and executing malicious Javascript in their browser URL bar, causing them to unknowingly share this offensive content.” Engineers have since built “enforcement mechanisms” to shut down the offending Pages, as well as accounts that exploit the vulnerability, Facebook said.
“We have also been putting those affected through educational checkpoints so they know how to protect themselves,” the company continued. “We have put in place backend measures to minimize the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”
Here is the full statement:
Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.
During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it.
We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defences to find new ways to protect people.
Of course, spam attacks are not anything new to Facebook — but this one appeared to be particularly malicious. Besides, speculation circulated that the hackers associated with the renowned hacktivist group Anonymous were behind Tuesday’s Facebook attack.
Moreover, in August, Anonymous issued a decree that a major Facebook hack–dubbed the “Fawkes” virus in honor of the anti-hero Guy Fawkes from the movie V for Vendetta–would come in November.