Scammers exploit browser vulnerability for spam attack on Facebook

Have you been seeing videos or photos with adult content on your Facebook wall these days? Facebook representatives apologize their users and claim that they have nothing to do with this attack. According to them, it is caused by a browser vulnerability that allows cross-site scripting for scammers. Cross-site scripting means that hacker gets ability to execute his JavaScript in victim’s browser which additionally gives ability to control the website victim is interacting with. However, the saddest thing is that browser which has such vulnerability hasn’t been found and fixed yet.

To make users copy/paste malicious JavaScript code into their address bar of vulnerable browser, bad guys made it look like a giveaway, contest or other occasion helping you to win a fantastic prize. The question arises: who motivates them to continue this attack? Security experts say that this act seems to be purely malicious one and the only problem is to eliminate all unexpected changes made on users’ accounts. That’s kind a surprising thing because almost all Facebook scams are used to generate the money.

We must warn that hackers can be expected to use this flaw against the other websites as well because that vulnerability hasn’t been fixed yet. We hope that vulnerable browser will be fixed as soon as possible, no matter which one it is. To help for fixing it as soon as possible, we recommend you applying all updates of the browser you use.

Source: nakedsecurity.sophos.com


Files
Software
Compare
Like us on Facebook