Yesterday Facebook acknowledged that the latest spam attack, which sent pornographic content, violence and animal abuse imagery on users’ walls, was the result of a browser bug, not the hacker group Anonymous. Creepy images appeared on users’ Facebook walls, including Justin Bieber photoshopped into a compromising sexual situation, an abused dog and a naked grandma, among others.
Sophos’ Chester Wisniewski reports that Facebook said “…users were being enticed to copy and paste the offending JavaScript into their address/location bar in the affected web browser. The people behind the attack are exploiting a browser vulnerability that allows self-XSS, a shorthand in security circles for cross-site scripting.”
Facebook would not confirm which browser was vulnerable.
In April, a Facebook Events spam attack tricked people into registering for fake events with super clicky, link-bait-y names like “How to Find Out Who’s Viewing Your Profile” or “Who Blocked You From His Friend List?” (For the record, Facebook doesn’t let you track either of those things. There are some ways to figure out who looks at your profile without the spammer backlash.)
If you see spam on Facebook, report it immediately.
Bieber image via Sophos.
Did you experience the Facebook spam attack? Tell us about it in the comments.