Security Protection – Harry Waldron MVP Rotating Header Image

Facebook – New XSS Worm Allows Automatic Wall Posts

Please be careful with links that might be presented to you in Facebook. Another new XSS worm is circulating that can automatically post messages with malicious links on Facebook walls of your friends and contacts. 

Facebook – New XSS Worm Allows Automatic Wall Posts
http://www.symantec.com/connect/blogs/new-xss-facebook-worm-allows-automatic-wall-posts

QUOTE: Currently a new and unpatched cross-site scripting (XSS) vulnerability in Facebook is being widely used to automatically post messages to other user’s walls. The vulnerability was used for some time in some smaller cases; however, it is now widely being used for the first time by many different groups—especially in Indonesia, where we are seeing thousands of infected messages being posted by unknowing users.

Any user who is logged into Facebook and visits a site that contains such an element will automatically post an arbitrary message to his or her wall. There is no other user interaction required, and there are no tricks involved, like clickjacking. Just visiting an infected website is enough to post a message that the attacker has chosen. Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook.

Leave a Reply