Facebook identifies violence, porn imagery culprits

By on November 16, 2011, 3:30 PM

Today, Facebook announced they have identified the unscrupulous individuals responsible for propagating objectionable material across their user's accounts. The questionable photos and videos included beastiality, excessive violence and pornography. No details were provided by Facebook regarding the identities of the perpetrators.

A Facebook spokesperson stated, "In addition to the engineering teams that build tools to block spam we also have a dedicated enforcement team that has already identified those responsible and is working with our legal team to ensure appropriate consequences follow".

Being labeled by some media outlets as the "Guy Fawkes virus", the script reportedly exploits a browser vulnerability which allows the malware to post unsavory images, videos and links under the afflicted user's Facebook account. Please bear in mind the name brewing for this attack is misleading as there are no clear indications that Anonymous was involved, aside from the bogus Guy Fawkes day attack that never materialized. Anonymous has denied ties to the incident.

The attack itself is based on a self-XSS vulnerability exploit. The exploit reportedly works on most Internet browsers, although Google Chrome users will be pleased to know they are unaffected. The attack spreads itself through spam with links, often posing as a "tagged photo" message or involving celebrities like Kim Kardashian and Justin Beiber to entice users to click. It is said the origin of problem began when less sophisticated users were asked to paste a malicious line of JavaScript in their Internet browser's address bar. Since then, it has spread to an unknown number of Facebook users.

As many of you may be aware, if the true originators of this attack took any steps to obfuscate themselves, they could be very difficult or even impossible to track down. However, doing so successfully is not without precedent. Facebook recently managed to catch the spam king, Sanford Wallace, who surrendered to the FBI after a two-year investigation.

If you or someone you know has been affected, there are three basic, generic steps to take to stop most attacks like this. First, keep your browser up-to-date. In this case, as usual, Chrome was unaffected. Certain browser extensions can help keep you safe too, like no-script and adblock. Secondly, remove any Facebook apps tied to your account, especially those you do not fully trust or use. And lastly, scan your computer for malware and virus infections by using tools like Malwarebytes (free version is available) and Microsoft Security Essentials, a completely free virus scanner.




User Comments: 18

Got something to say? Post a comment
treetops treetops said:

EDIT

~~Read it wrong yeah they were infected through spam messages in facebook.~~

So people clicked on advertisements provided by facebook and got the virus? Or from facebook add ons? I think it would be funny if these people paid facebook to put up ads.

paynetrain007 said:

treetops your an *****... its like you didn't even read the article...

also Malwarebytes is free for individual use as a simple scanner that works really well... the stuff you pay for is extra and not needed that stuff is also free for 30 days...

And MSE is a anti-virus not just a scanner...

really tech spot... understand your technology

Staff
Jesse Jesse said:

Payne I was with you through the first sentence, then you turned into a ****.

mattfrompa mattfrompa said:

ya know prismatics, I was on your side until I saw those asterisks. F*CK asterisks... oh sh*t...

RH00D RH00D said:

The thing is, if gullible ****** never clicked on everything they see, this would have spread to about as many people as you can count with your fingers. The only reason it's affecting so many people is directly because of people's stupidity online.

Guest said:

"excessive violence"??? simple violence is allowed now?

Staff
Rick Rick, TechSpot Staff, said:

If you or someone you know has been affected... And lastly, scan your computer for malware and virus infections...

Please notice the immediate, one-time, "in response to" nature of the last paragraph and the focus on scanning for items.

paynetrain007 said:

And MSE is a anti-virus not just a scanner...

Your arbitrary distinction is neither useful or correct, but again, the focus was just to scan once if you think you're infected.

paynetrain007 said:

Malwarebytes is free for individual use as a simple scanner

This is more useful, but again, the focus was a one-time response. I have updated it so that it no longer implies Malwarebytes is *just* available as a 30 day trial.

Guest said:

Facebook allows basically anything.

Most of the network is a cesspit of objectionable filth as it is. It is a reflection of our corrupt society as a whole.

caravel said:

Fully agree with Guest - the clowns using facebook, pretty much get everything they deserve.

The "thank you facebook, my three year old just saw pr0n/violence/whatever - I'm deleting my 'account boo hoo hoo'" bollocks, just doesn't cut it either. a) I doubt facebook care if these fools delete their accounts, because they've already milked them for their personal data to sell on to 3rd parties anyway (facebook data is never truly deleted) and b) these same f00ls should not have their kids accessing these social networking sites anyway, for obvious reasons.

PC EliTiST PC EliTiST said:

Personally, trhough No-Script I block the entire Facebook, so... No problem, certainly.

Facebook.com, Facebook.net, fbcdn.com, fbcdn.net etc etc.

Muggs said:

Typical Pebkac virus

isamuelson isamuelson said:

Gotta love Chrome. It's all I use.

dividebyzero dividebyzero, trainee n00b, said:

often posing as a "tagged photo" message or involving celebrities like Kim Kardashian and Justin Beiber to entice users to click

And this works ?...My first thought would be that seeing anything about either of those two would induce me to end my browser session rather than "click".

Sounds like a reverse IQ test..."You have to be this dumb to ride the facebook"

lipe123 said:

dividebyzero said:

....

Sounds like a reverse IQ test..."You have to be this dumb to ride the facebook"

HAHAHA dude you just made my day!

Guest said:

First of it all it has nothing to do with Facebook as a whole and more as users being gullible and clicking on links. No matter how many times you tell people not to click links the " you got to watch this new video I found of you" always seems to get them. And then when the app says give me full access to your Facebook account...they think nothing of it. Even if they weren't on Facebook they would be clicking on this stuff. So people who say they stay away from Facebook because of this might as well never read email. Its no different. You have to be smart about these things...I been on Facebook since the beginning. I don't have any weird stuff going on and I check my apps and limit their access to what they can do on the ones I have. I run Firefox with adblock which should be #1 in anyone's arsenal. Then if you want even more security get malwarebytes pro. It blocks you even going to a lot of these rogue sites if you just can't help yourself.

Guest said:

Chrome is actually the vulnerable browser to this attack, so no. Please correct- see this video from a Facebook engineer: https://www.facebook.com/photo.php?v=956977232793

Guest said:

Internet Explore and Firefox released protections against this attack months ago. Chrome did attempt to patch this vulnerability but, obviously, did not really succeed.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.