Blog
Sanjay Katkar

Recent Facebook porn spam attack: How to avoid falling in the trap

November 17, 2011
0
Estimated reading time: 2 minutes

The recent wave of porn spam attacks that flooded Facebook accounts with posts carrying images of sex and violence has been brought under control. Most of the spam has stopped and the responsible accounts have been quarantined. Thousands of Facebook users had been afflicted and unknowingly posted pornographic spam which spread like a viral campaign that targeted other users on the social network.

After lots of debates and inputs from security experts it was concluded that the attack was caused by a cross-site scripting vulnerability in the browser. The attack was similar to the popular clickjack attack that automatically interacted with Facebook accounts by having users unwittingly like posts and share them with their friends.

Official statement from Facebook:
“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.

During this attack, users were tricked into pasting and executing malicious javascript in their browser’s URL bar which caused them to unwittingly share the offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit it. We have also been putting affected parties through educational checkpoints so they know how to protect themselves. We’ve put backend measures in place to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people”. 

Steps to clean up your Facebook account:
1. Remove the offending post from your Facebook wall.
2. Check the list of apps that have access to your Facebook account and remove those which were not added by you but got there in the list automatically. This can be done by going into the ‘Privacy Settings’ page for ‘Apps and Links’ inside your ‘Account Settings’.
3. Change the account password and select a strong new password for your account.
4. Always use an updated browser and regularly apply all the browser updates.
5. Use a good Internet security software and make sure it is always updated.
6. Join the Facebook security page as it keeps on posting articles on the latest security issues.
7. Send an apology message to all your friends who may have been attacked and advise them to follow these steps as well.

Many times people forget basic security practices and this is why Facebook has repeatedly faced such viral scams as users continue to click malicious links. The most important thing, if remembered, will automatically prevent users from falling prey to such attacks: Do not respond to any posts that are offering you something free of cost or asking you to click on some link or asking for your permission to gain access to your account.

Happy social networking!

Have something to add to this story? Share it in the comments.

Sanjay Katkar
About Sanjay Katkar
Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of Quick Heal Technologies Limited. He holds a Masters in Computer Science from University...
Articles by Sanjay Katkar »

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image