The Korea Herald


Facebook warns of recent wave of spam


Published : Nov. 17, 2011 - 09:23


NEW YORK (AP) - Facebook said Wednesday that it has stopped most of the spam that has flooded many users' pages with pictures showing graphic sex and violence.

The social-networking company urged its 800 million-plus users to remain vigilant to keep their accounts from being hijacked.

That includes reporting suspicious links on friends' pages and not clicking on links that offer deals that are too good to be true.

Social-networking sites are popular targets for spammers because people are more likely to trust and share content that comes from people they know. This makes spam, scams and viruses easy to spread.

Still, Facebook says less than 4 percent of content shared on the site is spam. By comparison, about 74 percent of email is spam, according to security firm Symantec, though the bulk gets filtered out before reaching the inbox.

Over the past couple of days, many users have complained about finding links on their Facebook pages taking them to images depicting jarring violence and graphic pornography. Although the way the latest spam messages spread isn't new, their content is more shocking than the typical scam enticing users with a free iPod shuffle.

The latest attack tricked users into clicking on links by offering some sort of promise - free plane tickets, a fun new video or answers to a quiz, for example, said Vikram Thakur, principal security response manager at Symantec.

Clicking on the link took users to a page that asked them to copy and paste a line of malicious JavaScript programming code into the address bar of their Web browser.

"Pasting that little message will pick up a message or picture from whatever website the JavaScript is posting to," Thakur said, adding that it doesn't matter what type of browser people use.

The content is then posted on the users' Facebook page, usually without their knowledge. It spreads further when their friends then click on those links, thinking that it was posted by the user on purpose.

Facebook said no user data or accounts were compromised during the attack.

It urged users not to cut and paste unknown code into a browser's address bar. They should always use an up-to-date browser and report any suspicious content on the site.

While the site scans malicious links against security databases and blocks those known to lead to spam, it can't stop people from copying and pasting text manually into their Web browser.

That's where user vigilance comes in.

Thakur said users should be suspicious by the mere fact that someone is asking them to copy and paste something that Facebook is not permitting to be clickable directly.

Facebook said it built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit the vulnerability.

"Our team responded quickly and we have eliminated most of the spam caused by this attack," Facebook said in a statement. "We are now working to improve our systems to better defend against similar attacks in the future."


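<Korean article>

"Hackers broke into Facebook"

Facebook said it has confirmed that hackers broke in by exploiting some web browsers, in connection with the recent spread of violent and obscene spam photos, and that it is working to block them, CNN's online edition reported on the 16th (local time, here and below).

Facebook spokesman Frederic Wolens said by email that the security team has been working to identify the cause of the spam and that, as of the afternoon of the 15th, it had "eliminated most of the spam caused by this (cyber) attack."

He added, "We are working to improve our systems to respond effectively to similar attacks in the future."

Earlier, Graham Cluley, a consultant at internet security firm Sophos, had reported that "explicit and violent" images, such as pictures of dead dogs and photos doctored to make it look as if teen idol Justin Bieber was engaged in sexual acts, were pouring onto Facebook.

Wolens said users' account information and data were not compromised in the attack.

Facebook, however, did not comment on who was behind the attack.

There is speculation in the industry that the incident may be the work of the hacker group Anonymous.

Anonymous once said it would attack Facebook on Nov. 5, but there was no notable activity on that day.

Since then, however, a group claiming to be affiliated with Anonymous said via YouTube that it had created something called the "Fawkes virus" and would use it to attack Facebook.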