Facebook porn cyber spam attack stopped

Tuesday's rash of pornographic and violent images on the News Feeds of some Facebook users was caused by a script that took advantage of an exploit in some web browsers, according to a statement from Facebook spokesperson Frederic Wolens. CNN.com reports that according to Wolens, Facebook's team of engineers has now "eliminated most of the spam caused by this attack". He added, "We are now working to improve our systems to better defend against similar attacks in the future."

While there was speculation that the porno spam attack on Facebook was caused by a direct cyber attack, Wolens claims the real culprit was a malicious script that some Facebook users were apparently tricked into adding into its URL address bars on their web browsers. The script caused the user to share the images generated by the exploit onto their News Feed.

So far there's no word on who might be responsible for sharing this web browser exploit although some have speculated it might be a splinter group from the hacker organization Anonymous. Facebook has now reportedly created code that shuts down the pages that are sharing the pornographic links.

Obviously the lesson for everyone is don't cut and past code that you don't know anything about into your web browser address bar. Also, it might be a good idea to make sure your web browser itself is up to date; safety first, after all. You can check out out the reactions to some of Neowin's readers to this Facebook spam in our forum section.

Report a problem with article
Previous Story

Nokia Lumia 800 goes on sale in the UK

Next Story

Google TV 2.0 review: less beta but still beta

18 Comments

Commenting is disabled on this article.

I'm seeing some ****ed up **** on my feed lately, haven't seen no proper porn.. it's more like sick stuff. really twisted stuff.

I never saw any of this, but I did get a lot of chat requests saying "Yukky" and then a video link. Never clicked on them though. I don't trust any of my friends to not send me some disgusting stuff.

What you aren't saying is that the script would send a message to everyone with a link/ video who then if thick enough would open it. Then spamming their friends with the message. I had at least 5 messages / conversations pop up asking me to look at some lady gaga clip. Seeing as I'm not thick and into heavy metal, I didn't bother!

I didn't see it myself...but the amount of paranoid women on Facebook posting messages in caps lock warning people not to click on links of messages they send is rather amusing. To be serious though...its not a nice hack considering te amount of minors that use Facebook

It didn't ask me to copy and paste something, When this arrived with me it just asked you to paste in to the address bar using ctrl-v suggesting that whatever address it wanted you to run it had already placed in your clipboard. You did have to click on what looked like a video link before hand though.
It was an interesting way of doing it, and tbh it looked completely legit from the person sending me it as he would send that kind of thing LOL - it wasn't porn when it first arrived btw

On topic: A mate put something trying to get me to copy/paste the crap - I told her and she deleted it. I did wonder what was going on.

Nucleotide said,
Hardly use Facebook anymore. Most of my time is spent on Google+.

Amazing thank you for sharing the information about your facebook usage, that really added to the topic...

nik louch said,

Amazing thank you for sharing the information about your facebook usage, that really added to the topic...

why so sarcastic? Isn't that all you do on facebook anyway tell people crap about your life that no one really cares about?

Depicus said,
"An web browser exploit" did you mean "A web browser exploit"

That would be true if it was the start of a sentence, but it isn't!

Edit: Sorry just realised this is a fault on the main page excerpt, fixing.

Neobond said,
Browser exploit fail!

I think browsers should warn the users when they "paste and go" JavaScript in the address bar. Otherwise, when they completely disallow running scripts int the address bar, it also means GreaseMonkey can't work anymore...