Feeds

Facebook says it's winning against Justin Bieber smut onslaught

Scrubs punters' walls clean of bogus celeb porn

Secure remote control for conventional and virtual desktops

Facebook said it is well on the way to cleaning up a noxious slurry of porn and pictures of dead animals left by a spam campaign that targeted users' walls this week.

The attack - which resulted in punters being greeted by an avalanche of photoshopped pornographic images of Justin Bieber - involved tricking users into pasting rogue JavaScript code into their browsers.

As previously reported, Facebook described the mechanism of the attack as a self-inflicted XSS vulnerability. The social network says it managed to eliminate most of the rogue status updates by Wednesday lunchtime.

In a statement, Facebook said:

We've built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves.

Initially it was suspected a purported member of Anonymous, who threatened to unleash a Koobface-style worm against the site, might be behind the attack. This theory has now been binned, and it now seems that cyber-crooks are behind the attack, which is likely to be financially motivated, possibly through means of driving traffic to dodgy shopping sites.

The attack is particularly unpleasant because Facebook tries to maintain a family-friendly environment for its teenage and adult users. Children under 13 are not allowed to open accounts.

The site is reportedly putting in place systems to prevent similar attacks in future. Security experts warns that other popular websites might be hit by similar outbreaks in future.

"The flaw being exploited could likely be used against other sites as well if users can be tricked into pasting malicious javascript into the browser," Chester Wisniewski, a senior security advisor at Sophos warned. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ellison: Sparc M7 is Oracle's most important silicon EVER
'Acceleration engines' key to performance, security, Larry says
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
Troll hunter Rackspace turns Rotatable's bizarro patent to stone
News of the Weird: Screen-rotating technology declared unpatentable
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.