Richi Jennings

Facebook profile spam porn -- Anonymous Fawkes malware?

By Richi Jennings (@richi), November 16, 2011 6:01 AM EST
[Updated with more info and comment]
 
Facebook feeds everywhere have been filled with porn and violence spam. In what is perhaps the biggest Facebook hack to date, the social network is battling to contain the startling imagery. In IT Blogwatch, some bloggers finger Anonymous' Fawkes virus, but others say it's the same-old same-old.
 
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Patient: Wayne, Bruce; Occupation: Industrialist...
 
 
Gregg Keizer reports:
Facebook...said the attack was based on a "self-XSS vulnerability in the browser," but did not identify which...browsers contained the bug. ... [The] description reads more like clickjacking, the term coined...in 2008 to describe a variant of cross-site scripting.
...
[T]he images...ranged from modified celebrity photos to pictures of extreme violence and animal abuse.
  
Emil Protalinski adds:
Some members of the social network are complaining about...pictures showing up in their News Feeds without their knowledge. ... Others are being told...that they are sending requests to click on links...bogus chat messages, or...tagged photos.
...
We've seen this type of spam on Facebook before, but it's coming in at a much faster pace, as if it was something planned in advance. ... Users are unsurprisingly outraged.

Chester Wisniewski XplainSS:
XSS is shorthand in security circles for cross-site scripting...[which] essentially allows an attacker to execute JavaScript code in your browser that can...control the website you are interacting with. ... [U]sers were being enticed to copy and paste the offending JavaScript into their...web browser.
...
The bigger question is what motivated the attackers? ... This seems to be a purely malicious act. ... Facebook users don't expect [extreme imagery] showing up on their wall.

And Adrian Chen asks, "What's going on?":
The sorts of things you'd find on an average trip to 4chan are now just popping up in innocent users' newsfeeds...the smut and gore is cutting a wide swath on Facebook. ... Worms and scams aren't uncommon on Facebook, but [this] appears to be of a different magnitude.
...
[H]ackers associated with Anonymous claimed last week to be developing a powerful "Guy Fawkes virus" with which they would attack Facebook.
 
Meanwhile, Sean Gallagher says Facebook is partly to blame:
The attack demonstrates the vulnerability of the service to social engineering attacks. ... It uses a link disguised as a seemingly innocuous news story as bait—made more prominent thanks to the recent changes Facebook made in how it displays users' timelines.
...
No one purporting to be associated with Anonymous has taken credit for the clickjack.
 
And John Leyden jars the lulz theory:
The attack...involved tricking users into pasting rogue JavaScript code into their browsers. ... Initially it was suspected a purported member of Anonymous...might be behind the attack. This theory has now been binned.
...
The attack is particularly unpleasant because Facebook tries to maintain a family-friendly environment. ... The site is reportedly putting in place systems to prevent similar attacks in future.
  
And Finally...
Patient: Wayne, Bruce; Occupation: Industrialist
  
 
Richi Jennings, your humble blogwatcher

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of Computerworld. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: itbw@richij.com. You can also read Richi's full profile and disclosure of his industry affiliations.