Facebook is dealing with porn spammer attack culprits


When Facebook promises to prosecute spammers, it follows through. Just ask the Spam King


Facebook says it knows who was behind the massive spam attack on the social network this week and although it isn't naming them, it intends to take legal action against them.

In a statement released to media outlets, Facebook said that its dedicated enforcement team "has already identified those responsible and is working with our legal team to ensure appropriate consequences follow."

Those familiar with Facebook's history with spammers know that the socnet doesn't make idle threats when it comes to junk artists. It pursued one spam king, Sanford Wallace, for two years before winning an indictment against him earlier this year.

The indictment accused Wallace of flooding Facebook with 27 million spam messages in 2008 and 2009. It also said that the junk czar used phishing attacks to steal usernames and passwords from victims and used the stolen credentials to post spam to victims' walls.

This week's spam attack

Because a threat to take down Facebook was made earlier this year by some members of the hacker collective Anonymous, its name initially surfaced as a possible perpetrator of the attack. That's unlikely, however, not only because the group called off its action against Facebook scheduled for 5 November, but also because using shock spam in an attack just isn't its style.

The spam attack on Facebook began early this week when many Facebook users began seeing pornographic and shock spam appearing in their news feeds without any knowledge of how it got there. After some delay, Facebook finally acknowledged that the attacks had taken place.

The social network has an impressive security scheme in place. The Facebook Immunity System (FIS), which analyses 650,000 actions a second, has done a good job of protecting social networkers from malicious and annoying activity directed at their accounts, but it has its flaws.

For example, earlier this month, researchers showed how botnets could be created to harvest information from members without being detected by FIS. And, obviously, the latest spam deluge dodged detection.

Pasting JavaScript into URL bar

That deluge was based on tricking members into pasting JavaScript code into the address bar of their browsers. The code caused a member to share offensive material with their friends.

While praising Facebook's action in cleaning up the mess, one secure browser maker added that problems with self-inflicted JavaScript infections persist on the network. "Facebook has cleaned up most of the offensive content from the recent campaign," noted Mike Geide at the Zscaler blog. "But doing some specific searches I was able to find some examples of this self-inflicted JS injection technique being used on Facebook."

"The most common case are Facebook groups that ask you to join and then enter in some JS into your URL bar," he added.

For Facebook members, the lesson here should be axiomatic: don't paste computer code in your browser's address bar.
