Facebook Users Attacked with Violent and Pornographic Spam

Posted by on Nov 16, 2011 | 26 Comments

Normally when I log onto Facebook.com, I am greeted with images of weddings, babies, and my 28-going-on-18 friends doing shots at a bar downtown. Though these images are in their own right slightly disturbing, they don’t even compare to the horror I witnessed while using Facebook on Monday night. After doing everything else I could think of to procrastinate writing another blog post, I logged onto Facebook, expecting to see the typical updates from my friends. Instead, I was greeted with a series of awful, graphic, violent images. I’m friends with many people I don’t know, so seeing odd images is par for the course when I view my normal news feed. However, seeing an image of a murdered dog was more than abnormal — especially after I saw the picture had over 600,000 comments and over 20k “Likes.” Minutes later, I clicked to see new posts in my feed — and was then bombarded with a stream of more murdered animals and then an aborted fetus. Hopefully you have never seen such gore — but if you have, you probably understand why I completely freaked out.

It wasn’t until after regaining my composure that I stumbled upon a post on ZDNet by Violet Blue that highlighted the fact this spam was “Spiraling Out of Control.” Of course, that still didn’t help me sleep at all on Monday night. On Tuesday, most tech blogs and even mainstream media were covering the spam — and even my own Facebook friends shared that they had been subjected to images of hardcore porn over the previous weekend, too — but it wasn’t until Monday night that the attack became more prevalent. While these images were appearing in users’ news feeds, many suggested just changing your Facebook password. Unfortunately, this attack worked somewhat differently. In a statement emailed to the press, a Facebook spokesman said that “during this spam attack users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content. No user data or accounts were compromised during this attack.” The spokesman added, “Our engineers have been working diligently on this self-XSS vulnerability in the browser.”

So why did users like me — who have very few apps and know better than to click on almost anything on Facebook — see the images? The image in my news feed appeared because one of my Facebook friends had commented on the image. With Facebook’s new algorithm, any activity by your friends appears in your news feed, including comments on images. Facebook is also now promoting images, so when your friends comment on or like an image, the entire image shows up in your news feed. This functionality of Facebook, paired with the initial “code” that users fall victim to and that promotes the images from their own profile, means that even the most tech-savvy were subjected to pornographic and violent images over the last few days. (In addition to the images I saw, other users reported murdered people and images of the Devil.)

And why did it take so long for Facebook to respond to this attack, which lasted for at least three days? According to a blog post by Chester Wisniewski, a senior security advisor at Sophos Canada, Facebook had a difficult time responding due to the method by which the attack was propagated. He said that, “Considering that the flaw is not within Facebook’s website, it appears to have been rather difficult for [it] to respond to this threat.” This, of course, does not bode well for those who are already concerned about their privacy while using Facebook.

Other Facebook users who are concerned that Facebook is going the way of MySpace (e.g., littered with porn, other spam, and malicious code) have a legitimate concern, though they should know that, in regard to this week’s spam attack, Facebook is working to remove the holes that allowed these spammers to infiltrate the social network and prevent the network’s downfall. Facebook said that “We’ve built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place back end measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”

But will that be enough for people to continue using Facebook, instead of abandoning it for another social network, such as Twitter or Google+? Many people have threatened to delete their Facebook accounts because of the spam. Obviously, Facebook has severe vulnerabilities — but like I said a few weeks ago — could its users really leave Facebook behind entirely?

As of the time of this post, no one has been identified as causing this spam attack. Facebook, however, did say it was a “coordinated” attack, leaving many — including me — wondering who or what entity has such grievances with Facebook that it would terrorize its users (many of whom are under 18) with such violent imagery.

Did you see pornographic or violent images in your news feed earlier this week? Let us know what you think Facebook — and its users — should do about it in the comments.

  • Patrick

    Nice post. I don’t think that Facebook think a lot about their decisions before they make them and how it will harm their users. I haven’t experienced what you have just described and would not like to.

    P

  • http://twitter.com/ExpensiveePink Jade

    For the last 3 or 4 days I have seen tons of disgusting vaginas, gay porn, Jesus having sex with a man, animal cruelty, and child pornography. It was severely out of control!!!

  • Anon

    If this stems from you being able to see your friends’ actions to the right of your page, is it possible to turn this feature off? I’ll have to look later, but I’m pretty sure there is a setting similar to this in privacy settings. If this is turned off, then it will be less likely to get this spam if you can’t see which photos your friends commented or liked if they indeed liked gory and pornographic things.

  • http://twitter.com/br3akth3lim1t Nathan Barnett

    I like Google+ better.

  • Techgeek564

    I never even saw it on my post. Thank god Facebook spared me. I would have had nightmares for days and possibly weeks if it spammed my account.

  • Yeah_I’ll_Smoke_it

    I liked it.

  • Xanthor

    I think I was one of the lucky ones as I never saw any of the material you saw.

  • http://profiles.google.com/rysliv ryan haz

    and why would this affect you if you got it?  JUST DELETE IT!

  • Anonymous

    I deleted, or should I say ‘deactivated’ my Facebook account today. Not because of this, but I’m just tired of all the garbage that comes with it.

    I got banned from adding friends or messaging people after I added some new ‘friends’ to my profile. I guess Facebook knows if I’m really ‘friends’ with someone and can say whether or not I should add them. And if I have too many friends I get punished for it.

    Just tired of stuff like that, that I don’t need to deal with.

  • http://twitter.com/hollowpetal Meg McGowan

    I only have my close friends on my personal page (about 40), I have other social networks for conversing with new friends (fb fan page, google+, twitter, eav, etc). This method paid off I think as I avoided these horrific images.
    If it wasn’t for the prevalence of Facebook and the amount my friends use it I would stick with other social networks all the time, but Facebook chat still seems to sap all my time. I don’t think this incident is Facebook’s fault though as Kelly said. History seems to state that as soon as a site gets large enough its rite of passage is to get sued and then get constantly hacked. I wish more black hat hackers would use their intelligence to help, like the lockergnome community does.

  • Tina Fisher

    I suggest Google+, but use the chrome or firefox extension, Ad-block plus -  ‘hide element’, to get rid of its newest annoying feature,  What’s Hot.

  • Anonymous

    The problem with any social network that aims to be both public and private, is that privacy will be compromised and people will find ways to attack, hijack and abuse the system.  Sharing has developed this public/private way because that was the easiest way to provide a simple sharing method to millions when MySpace, facebook, et al all started.  However, sharing doesn’t have to be public – it is not an oxymoron to want private sharing. To that end my team and I have been working for the last 2 years on bringing the world’s first truly private social network to fruition and it will launch next week – DAD, http://www.dadapp.com.  The good news is that DAD is more than just an app for sharing over the internet, it also works for you (sync) and sharing at home – “for you, your home, your world”.  I am sure other private sharing apps will arrive in time, all helping to reduce our exposure to these porn and other spamming vulnerabilities.

  • LunaG

    It’s simple: don’t even click on it for the sake of curiosity in the first place.

    ever heard of “curiosity kills the cat” ???

  • Tljames90

    Yeah the pictures are just out of nowhere. There are young people among Church goers and I’m sure this is not showing Facebook, as usual, in the best light. Honestly, at this point Facebook as a whole is appearing more like an unstable emotional teenage girl and is having tantrums through weird changes of the pages, privacy policies, and crazy porn pics. Facebook get some counseling or slow your roll with the continuous changes.