Facebook seems to have got a handle on yesterday’s avalanche of pornographic and violent images that were inundating user newsfeeds, and says that it was due to users copying and pasting malicious code into their browsers.
“Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible,” Facebook said in a statement.
It is not known specifically what conned users into carrying out the copy and paste, but it’s not the first time this type of spam attack has been seen.
One of the most common lures that fool people promises users that they will be able to see who views their profile, should they carry out a set of instructions.
Others offer the opportunity to win high-end products, such as an iPad, the latest iPhone or a computer system.
Of course, they are all bogus and the payloads vary from taking users to external sites to carry out surveys, which often request a mobile number to sign users up to premium rate services, to spam or malicious websites. Others simply install a trojan directly onto the user’s PC.
Facebook say that they have been working on the vulnerability alongside building “enforcement mechanisms to quickly shut down the malicious pages and accounts.”
“We have also been putting those affected through educational checkpoints so they know how to protect themselves,” they add.
In other news surrounding the social media site, BitDefender have discovered a new scam that promises users the opportunity to spy on other people’s chat conversations.
The scam appears in various guises and is often found on pages that have been set up to attract a high incidence of likes, such as winning a Guinness prize or even “proving that studying is a bore”.
The links that appear in chat are very difficult for Facebook to resolve as chat-based scams can’t be picked up by the social network’s security software.
This means that ridding the site of the scam will rely largely on users’ ability to spot that it’s a fake, which is not very comforting considering yesterday’s debacle.
The scam first requires users to like a page, then input their name and country, and then send links through chat.
However, it requires users to already have or install Chrome, and then go on to install the scam software, which works as a Chrome extension.
Users are then presented with sponsored ads each time they open Chrome, most of which attempt to direct the user to a survey.
That’s not all, though: once a user has installed the extension, it appears to reconfigure their Facebook account to open up a whole host of new features.
These include new activity filters, skins and a host of previously ‘hidden’ features that can now magically be accessed.
These also include the much longed-for dislike button that so many social networkers want to be added.
In reality, of course, none of this stuff works; it’s just a third-party app that has the ability to spy on the user’s chat conversations.
Bearing all this in mind, it’s high time that Facebook users became more aware that clicking on random images and videos that they see their friends ‘like’ is dangerous.
Facebook need to make users aware of the various scams doing the rounds, perhaps by making more regular announcements when they first come to light.