Hackers Subvert Facebook JavaScript for Spam

Reports this week indicated that hackers have learnt how to infiltrate Facebook’s on-system apps in order to make them generate spam messages within the social network itself – and ultimately to send spam out from Facebook to elsewhere on the Internet.

Online security expert Christopher Boyd, who carries out research for Sunbelt Software, said that the initial spam to derive from Facebook apps was due to hackers managing to subvert the system’s JavaScript. This has enabled them to spam acai berry diet pages on Facebook users’ walls – clicking on the pages, many of which promise a video clip to watch, will post spam on the site. Mr Boyd warned that if users attempt to navigate away from the app page itself, a “scare” message pops up declaring that the user will “corrupt the Flash install”.

The JavaScript code itself shows that the app spam generates messages promoting weight loss products with the declaration that “I am living proof that this works”, with a link to a phony news item. It also sends spam to Facebook chat and wall postings that try to sound like they are from real people, saying: “Hey, What the hell are you doing in this video? Is this dancing or what?? Bahahah.”

Mr Boyd said that the major domain for the spam activity is, which is rife with 404 errors at the moment. Facebook has also acted swiftly to remove most of the application pages that are associated with it.

Writing in his blog, he added: “As always, be careful what you’re clicking on in Facebook – random messages promising junk will usually give you just that, and perhaps a little more besides.”
