i2 Security Blog

Keeping you up to date on the world of IT Security

Facebook promises ‘consequences’ for smut scammers!

Facebook officials have tracked down the scammers responsible for filling the social network with images depicting bestiality, self-mutilation and other depravity and are vowing to seek justice.

Facebook has blamed the extreme smut on a “self-XSS vulnerability in the browser” that tricked users into pasting and executing malicious JavaScript in their address bars and caused them to unknowingly share this content. Many victims have reported that the highly offensive content is visible to others but not to the user whose account was used to spread it.

According to reports published by PCMag.com and ZDNet, Facebook officials have also figured out who is behind the attack. Both reports cited the same statement from a Facebook PR representative that says:

“In addition to the engineering teams that build tools to block spam, we also have a dedicated enforcement team that has already identified those responsible and is working with our legal team to ensure appropriate consequences follow.”

Facebook has yet to elaborate on key details of the ongoing attack. It’s still unknown if the cross-site scripting vulnerability is unique to a particular browser and how many of its 800 million users have been affected.

Security firm Zscaler has a primer on self-inflicted JavaScript injection on its website. In the post, researcher Mike Geide said the most common ploy in the ongoing deluge comes from malicious Facebook groups that ask users to join and then enter JavaScript into their URL bar.

The scripts contain obfuscated code that generates invite messages to all of a user’s Facebook friends and includes an invisible link which has now been taken down.