Facebook 'eliminates most of porn image spam attack'

Facebook logo displayed on a computer screen Security experts say the attack could be directed against other websites

Related Stories

Facebook said it has rid its site of most of the pornographic and violent images posted as part of a spam attack.

The social network blamed a browser vulnerability and said it was improving its systems to defend itself against similar attacks in the future.

Thousands of the website's 800 million users have complained about the pictures over recent days.

A source told the BBC that Facebook knew who was responsible - and it was not an Anonymous hacktivist.

The firm is understood to be working with its legal department to take action against the suspected attacker.

Browser exploit

Facebook said the spam attack worked via a "self-XSS vulnerability in the browser".

It added: "During this attack, users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content.

"No user data or accounts were compromised during this attack."

The firm said its engineers had built enforcement mechanisms to shut down malicious pages and accounts that attempt to exploit the vulnerability.

It also offered the following advice to help guard against further attacks:

  • Never copy and paste unknown code into the address bar
  • Always use an up-to-date browser
  • Use the report links on Facebook to flag suspicious behaviour or content on friends' accounts
Strange

Facebook allows children above the age of 13 to be members, and polices a ban against inappropriate images.

However, security experts said it was difficult for the firm to respond to this threat, bearing in mind it exploited a vulnerability in an unnamed web browser rather than the site itself.

They also said that the attack was very unusual because most other scams on the social network are designed to deliver a financial payout.

"This seems to be a purely malicious act. Facebook has a reputation for maintaining a reasonably family-friendly environment," wrote Chester Wisniewski, a senior security advisor at Sophos, on his company's blog.

"Hopefully whichever browser it is that has the flaw will provide a fix ASAP, but as we know most people are slow to apply updates regardless of which browser they use (except Chrome)."

"The flaw being exploited could likely be used against other sites as well if users can be tricked into pasting malicious javascript into the browser."

More on This Story

Related Stories

More Technology stories

RSS

Features & Analysis

Elsewhere on the BBC

  • SkeletonRobot skeleton

    BBC Future discovers how a pair of bionic legs helped get Daniel Fukuchi back on his feet

Programmes

  • Click reporter Jen Copestake looks at a smart mirrorClick Watch

    From the mirror offering beauty advice to next gen robot vacuums - the connected home of the future

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.