Facebook Attack Appears ‘Purely Malicious,’
The spam attack this week that caused people to see pornographic and violent pictures on their friends’ Facebook walls appeared to be a "purely malicious" act, a security expert said.
The Monday incident raised concerns that the attack could be escalated to something more serious. The attack was unusual, because there didn’t appear to be any financial gain for the attacker, Chester Wisniewski, a security expert at vendor Sophos, said Wednesday.
"This seems to be a purely malicious act," he said in the company’s blog.
Such attacks are called "self-XSS," a form of cross-site scripting. Most of the time, victims are lured by the promise of a giveaway or sweepstakes prize into pasting the code into their browser. The vulnerability that made the scam possible is in the browser, not Facebook’s web site. The name of the browser that contained the flaw was not known.
Meanwhile, Facebook is in negotiations with the Federal Trade Commission over privacy issues related to policy changes that were made in 2009. Users and privacy advocates filed a complaint with the FTC, claiming the changes were deceptive. Facebook is close to reaching a settlement that would subject the site to an independent privacy audit for 20 years, The Wall Street Journal reported.