It’s been a while since I jumped into a good old-fashioned rant. As there is, as the kids say these days, no time like the present, I figure now would be a good time. On the morning news as well as all over the internet were reports of a massive Facebook spam attack that flooded users’ profiles with violent and pornographic images. So I thought to myself, “That’s kind of messed up. Let me go to my account and make sure I’m good.”
And of course I was. And there was nothing in my friends’ feeds either. Not because we did anything special or have security settings configured in a certain way, but because there are still some of us left who have some common damn sense. After reading about how this attack was executed, it became clear to me that, while it was through trickery, the exploitation was invited by the affected users themselves.
The attack tricked Facebook users into pasting a malicious snippet of JavaScript into their web browsers and running it, which then exploited a browser vulnerability, causing them to “share” and “like” the malicious content without even knowing it.
That’s when I stopped reading for a while. I had to weigh my feelings on this one – on the one hand we as tech people have a responsibility to educate our friends and the public at large as to how to protect themselves in the digital age. On the other hand, we’ve been doing that forever and no one seems to care. And while attacks and malware have evolved, the method for preventing this type hasn’t, as it’s one of the big ones we’ve been advocating for years – don’t click on crap that looks suspect. This case takes it a step further – now someone’s telling you, “Hey, stick this code in your browser and run it. Cool stuff to follow,” and users mindlessly do it. Then the public end result is a number of Facebook users on Twitter expressing their disgust and delivering empty threats to close their accounts, as if the internet is a magical and safe place where nothing bad has ever happened and people honestly just want to give you free stuff.
While spam on Facebook is nothing new, it’s never been this bad or spread at such a rapid pace before. But at the time I’m writing this, Facebook has already claimed to have eliminated the malicious pages and identified the users responsible. “Our team responded quickly and we have eliminated most of the spam caused by this attack,” a Facebook statement said. “We are now working to improve our systems to better defend against similar attacks in the future.” This must have been a tough one for them to counter, seeing as the spread not only was user-generated, but exploited vulnerabilities in browsers, not actually Facebook itself. I didn’t see any info on which browsers were the ones jacked, but I can guarantee that it affected the people who don’t follow their tech friends’ advice to “make sure everything’s always updated.”