
Clever spammer found a flaw in Facebook to spread unwanted messages to walls

By Gina on September 7, 2010 | Vulnerabilities

Recently, Facebook’s walls were flooded with thousands of messages. A spammer found a vulnerability in Facebook’s photo upload system and used it for malicious purposes.

Andrew Jones, a victim of this attack, said he noticed the spam after a friend pointed out messages on his wall. A. Jones says he changed his password immediately but was still afraid his other account details might be taken over. “No other signs of compromise were visible, and I concluded the most likely scenario was a public computer I had used recently had some type of malware on it,” A. Jones commented.

Facebook appears to have identified the weak spot, because it released an explanation of the matter: “Earlier this week, we discovered a bug in the code that processes photos as they're uploaded. This bug caused us not to make the correct checks when determining whether a photo should be posted to a person's profile. We quickly worked to resolve the issue and fixed it shortly after discovering it. For a short period of time before it was fixed, a single spammer was able to post photos to people's profiles that they hadn't approved.”

What was the spam about? Hackers used the iPhone and iPad as bait for their malicious advertising. Most of the fake messages advertised free iPhones and iPads. The rogue messages led users to fill out marketing surveys, which definitely ask for your personal data. Facebook confirmed that none of the accounts were compromised and that it had taken care of the bug.

The accounts that were hit with rogue messages have already received notices from the Facebook security team that read: “For a few hours on Sunday, there was a spamming incident on Facebook. During this time, photos, mostly of supposedly 'free' iPhones were posted to some people's walls, including yours. We've removed the photo from your Wall and fixed the issue that allowed spammers to do this. We're sorry about the photo, but can assure you that this did not affect the security of your account in any way.”
