Vulnerability in a Browser(s) and Users Tricked to Copy-Paste a JavaScipt May Explain The Facebook Wave of Pornographic and Violent Spam.

Article first published as "Browser Vulnerability, Tricked Users May Explain Disturbing Facebook Spam" on Technorati.
By Cesar Ortiz
Facebook claims to have found an explanation of the current wave of spam attacks, including explicit hardcore porn images, videos, photo shop created photos of celebrities like Justin Bieber in sexual situations, pictures of extreme violence and even photographs of animal cruelty. These are among many gross pictures being propagated. Users tend to see the images posted on a friend’s account, visible to everyone but the friend in question. Facebook’s latest statement says the root of the attack is a malicious JavaScript that some users were tricked into copy and then paste to their browser URL address bar. Facebook released this statement:

 Beginning of quote

“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.

During this spam attack users were tricked into pasting and executing malicious java script in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”

End of quote

Hackers are tricking users to manually do a copy-paste. This cross-site scripting mainly allows an attacker to execute JavaScript code in your browser that can access and control the website you are interacting with. Facebook says that users were being tricked to copy and paste the offending JavaScript into their address location bar in the affected web browser, but does not identify the specific browser.

The modus operandi of the hackers is to entice you to do a copy- paste. Users are manually spreading the scam unwillingly. Users are told to “"Erase everything in your address bar, copy and paste the code below, and press enter" this is not just any URL, its full-fledged JavaScript code that will initiate the posting of the porno and violent spam to your friend’s news feed. Why the scammers use the “copy-paste” option? Scammers are using a java script. Users are in fact entering and executing the script for the scammers. The “click to a link” method makes the whole task very hard and leaves ID traces, therefore the use of the copy-paste option. The hook to prompt users to do the copy-paste is changed constantly, may be “free Starbucks coffee for a month” or to warn fellow media users of “some danger”, etc. If someone, even a friend, in any social media asks you to do a copy-paste, beware!

Who is behind this campaign? Facebook uses the word “coordinated” to describe the attack. It could mean several servers, possibly in several locations, at the same time. This time is not that a hacker or a scammer wants to steal your hard earned money or your identity. This is a concerted sophisticated effort to harm and disgrace facebook.

Users who are victims of this scam should do the following (1) Remove any related items from your facebook Newsfeed wall page (2) Notify your friends and make sure you explain that you sent them the scam posting unwillingly (3) Run your Anti-Virus in full mode and set it to real time scanning.

Facebook: ‘ AWESOME Video Nicole’s Baby Kicking – The Belly View – Unbelievable " Scam is Spreading Virally

By Cesar Ortiz

Scammers are now using a real YouTube Video of a real life Nicole with a baby kicking inside her belly while at the beach as an inspiration for a scam. The real video reached viral proportions and when we saw the real video it had 3,754,503  views. There is nothing wrong with that video. The lady is dressed in a two piece bikini type swim suit. In the scam, users will receive a post from a friend in her or his News Feed wall. The picture shown in the post appears to be a copy- paste of the original real Nicole picture. The post will have the following message:

Start of quote

"AWESOME Video "Nicole's Baby Kicking - The Belly View - Unbelievable"
video.caxbee.com[link]
An amazing view of a baby kicking and moving his way out of the belly while at the beach."

End of quote

If you click on the "video.caxbee.com[link]" to see the video, you are directed to a page with three advertisings (money per click for the scammers) and an embedded video that looks very much like the original YouTube video. The first indication that this is a scam is that the page we are facing is not a YouTube page. The next indication of a scam is that in this page, there is a statement that says:

 "To watch the video" "Click Share and then click on the Share link button"

A big blue "Share" button is shown as the only option. Users who click on this "Share" button will immediately send this message to all the user friends, therefore propagating the scam. YouTube nor Vimeo or others video portals require that you share anything to view a video. There will not be any real video shown anywhere. So far, at the time of this writing, the only damage done is that you are taken to pay per click advertising sites without your consent. Beware that you have been presented this page by deception and that the deception may continue and escalate to more serious damages if you click on one of the advertisings that turns out to be a trap.

Users who are victims of this scam should do the following (1) Remove any related items from your Facebook Newsfeed wall  page  (2) Notify your friends and make sure you explain that you sent them the scam posting  unwillingly (3) Run your Anti-Virus in full mode and set it to real time scanning.