Facebook says it knows who is responsible for image spam attack

Facebook says that it identified those responsible for an attack earlier this week that spammed Facebook users with pornography and violent imagery, and will investigate its options to prosecute those responsible. The attack is believed to have been exploited through a browser vulnerability, BetaNews is told.

"During this spam attack users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content", spokesperson Andrew Noyes explained. "Our engineers have been working diligently on this self-XSS [cross-site scripting] vulnerability in the browser".

Noyes told BetaNews it had shut down the Facebook pages from which the hackers launched their attack, and offered assistance to those affected on how to protect themselves from future attacks.

The attacks began this past weekend and quickly escalated by Monday and Tuesday, when the amount of offensive images on news feeds appeared to reach their peak. The imagery depicted acts of violence, pornography, mutilation and bestiality. It is believed to be one of the largest coordinated spam attacks on the site in its seven year history.

Sophos senior security researcher Chester Wisniewski explains how the vulnerability that hackers exploited works. "Cross-site scripting essentially allows an attacker to execute JavaScript code in your browser that can access and control the website you are interacting with", he says. "Facebook says that users were being enticed to copy and paste the offending JavaScript into their address/location bar in the affected web browser".

It is not known which browsers were vulnerable to the cross-site scripting flaw. Facebook users are reminded to exercise increased caution when confronted with suspicious offers or links. Additionally, users shouldn't click any links sent by friends, especially those that appear shortened.

Photo Credit: Fer Gregory/Shutterstock