Facebook flooded with explicit pornographic and violent images – users beware
Signs have shown themselves over the last few days suggesting that something was up, specifically messages such as –
ATTENTION: THE HACKERS ALREADY ENTERED IN FACEBOOK & THEY ARE PUTTING SEXUAL VIDEOS TO YOUR NAME IN THE WALLS OR PROFILES OF YOUR FRIENDS WITHOUT YOU KNOWING IT. YOU DON´T SEE IT, BUT OTHER PEOPLE CAN SEE IT, AS IF THESE WERE A PUBLICATION THAT YOU MADE! SO IF YOU RECEIVE SOMETHING FROM ME ABOUT A VIDEO, ITS NOT MINE! copy this in your wall. It is for the security of YOUR OWN IMAGE
These messages have circulated prolifically across the social networking site warning of sexual videos being put up by hackers in the name of innocent Facebook users.
The message may be making some assumptions, but the threat Facebook is currently facing is one of the most prolific and disturbing in a while and one that does seem to fit the overall meaning this warning message conveys.
For those that are not aware of the issue, Facebook users have been complaining of seeing disturbing images being posted in their newsfeed by their friends, but said friends are not aware of sending any images at all and nothing appears in the profile pages to suggest that they did?
So what is going on? Typically when such phenomena occurs it is nearly always down to Facebook users falling for various types of scams that rely on users sharing external websites with their friends – pop up Share boxes, clickjacking attacks and rogue Facebook applications have been popular for tricking users into sharing dubious sites, but with this attack becoming so prolific so quickly and many affected users ever so adamant they did not click or share anything, what we may be seeing is possibly a security vulnerability that has been discovered by hackers before it was discovered by Facebook…? Rumours are inevitably spreading that this is down to hacktivist group Anonymous who were linked to threats aimed at Facebook earlier in the month, but such claims are completely unsubstantiated.
Its early days and it is best not to assume anything yet. If you do see such offensive material posted on your newsfeed, hover over the post and select the down arrow on the top right and hit “Report Story or Spam” – its appears Facebook is relying heavily on its user base flagging such offensive material for them.
If you’re a parent with children that use Facebook, be more vigilant over the next day or so as some of the images floating across the site are extremely explicit.
Facebook have released a statement that they are working to resolve the issue.
UPDATE:
Facebook now claim to have cleaned up most of the attack with the majority of offending images cleaned up. But do we really know what happened?
Facebook have claimed it was a co-ordinated SPAM attack on the site that involved tricking Facebook uers into copying and pasting malicious Javascript into the users URL address bar which resulted in them sharing the explicit content with their friends. We have seen similar attacks in the past – in fact its a tactic we have seen with survey scams and can be extremely effective – we personally saw an earlier version of the “98% Can’t Watch This…” scam use a Facebook page and Javascript exploit to spread itself and the page went from 0 to 3000 Likes within 5 minutes before being shut down by Facebook, so its no wonder a co-ordinated SPAM attack using a similar exploit could become to prolific.
This recent attack was also curious because, just like a computer Worm, the SPAM attack only gave priority to circulating, without any end game – i.e. there was no financial motivation – which these days this means there was no rewards programs to join or surveys to complete.
Also worth noting is that this was not the work of hackers, despite the claims of several rumours. No Facebook accounts were compromised and Facebook wasn’t “hacked”. As usual, the attack relied on the actions of Facebook users into circulating.
So if you did not know already, NEVER paste Javascript into your browser. Facebook are looking into ways to prevent the attack from happening again, but also remember this was also a vulnerability in a web browser somake sure you update your web browser when prompted so make sure you get all current security patches.
Anymore on this story and we’ll post it here.
[[on a side note, at the time of writing Facebook have blocked all outgoing links to our website – it should only be temporary, but until its resolved, we will be posting our links with a hyphen between thats and nonsense]]