Over the last few days, Facebook users have been experiencing a flood of links, videos, and images depicting pornography, violence, and a myriad of unseemly images. Facebook confirmed the problem, in short, stating it was hit by a coordinated spam attack leveraging a browser vulnerability.
Some members of the social network are complaining about violent and/or pornographic pictures showing up in their News Feeds without their knowledge. Others are being told by their friends that they are sending requests to click on links to videos, sending out bogus chat messages, or writing mass messages and tagged photos leading people to believe they are in the link.
We’ve seen this type of spam on Facebook before, but it’s coming in at a much faster pace. According to the company, this spam attack all started with users being tricked into pasting and executing malicious JavaScript in their browser’s URL bar. Facebook says it has been shutting down the malicious pages and accounts that attempt to exploit this flaw and has been giving users guidance on how to protect themselves. Overall, the company claims it has managed to drastically reduce the rate of the attack, but didn’t elaborate with actual numbers.
“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms,” a Facebook spokesperson said in a statement. “Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.”
“Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”
Users are outraged, and as is typical with Facebook members, many are already threatening to close their accounts. That being said, it’s still not known how many of the site’s 800 million active users are affected.
Think you may have a Facebook virus or your account has been hacked? Here are three things you should try: change your password, remove suspicious apps, and perform a virus scan.
Change your Facebook password
It’s possible your Facebook woes are coming from the result of a phishing scam. Someone may have created a fake website that looks like Facebook or another online service you visit and tricked you into logging in. Their goal was to steal your password and other account credentials, and they may have succeeded.
In this case, you should change your password on Facebook. :
If changing your password fixes your Facebook problems, you should change your password for all your other services too, especially if you use the same password for them as you previously used on Facebook. If this doesn’t fix the problem, try the next step.
Remove unwanted Facebook apps
It’s possible your Facebook problems are coming from a rogue app that you accidentally installed or were tricked into installing. Every Facebook app has certain permissions to your account. Some of these permissions you can modify, while others you cannot.
Your best bet is to remove all the Facebook apps you find suspicious. If you don’t know how to do so, there are guides on Facebook itself.
If cleaning out your apps fixes your Facebook problems, tell your friends they should do the same (chances are the app asked your friends to install it as well). If this doesn’t fix the problem, try the next step.
Get some security software and run a virus scan
It’s possible the problems are coming from some sort of malware, be it a keylogger, a trojan, or some other type of virus. Even if you think your computer is clean, it can’t hurt to check.
I recommend Microsoft Security Essentials –it’s free and gets the job done very well. Another good one is Malwarebytes. Other free alternatives include Avira and Avast.
The aforementioned security programs are for Windows. If you have a Mac, try using the antivirus from Sophos.
After running the virus scan, clean out whatever the program detects.
