Facebook Porn Was 'Self-Inflicted JavaScript Injection'

It even sounds pornographic: A self-inflicted JavaScript injection was the method used to trigger the explosion of not-safe-for-work posts on Facebook earlier this week.

Attacks such as this are the bread and butter of online security firms, and Zscaler ThreatLabZ Senior Security Researcher Mike Geide explains the technology behind the attack in a blog post today.

Yesterday he’d discussed how Facebook users can avoid becoming victims, and you bet his advice involved Zscaler software. As for today’s post, we recommend reading it only if you’re really interested in the technological nitty-gritty. His main points are:

  • JavaScript can be run directly via browsers’ URL bars, and when web surfers are not running NoScript, it can be used to modify the page being browsed, including the way the browser interacts with buttons and links.
  • In this case, JavaScript was used to automatically interact with Facebook accounts by having users unwittingly like posts, otherwise known as likejacking.
  • Self-inflicted JavaScript injection has also been used in previous Facebook attacks, including, “Hey are you still there,” “You look so stupid in this video,” and various scams related to the death of Osama Bin Laden.
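
A defensive check for the first point above, as an added example that is not from the original article or from Zscaler's post: it flags pasted text that a browser would parse as a javascript: URL, following the URL parser's handling of whitespace and letter case. The function names and sample strings are constructed for illustration.

```javascript
// Added example: flag text that a browser would treat as a javascript: URL.
// normalizeLikeUrlParser, isScriptUrl and stripScriptScheme are hypothetical names.

// The WHATWG URL parser strips leading/trailing C0 control characters and
// spaces, and drops ASCII tab and newline anywhere, before reading the scheme.
function normalizeLikeUrlParser(text) {
  return String(text)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// True when the normalized text starts with the javascript: scheme
// (schemes are case-insensitive).
function isScriptUrl(text) {
  return /^javascript:/i.test(normalizeLikeUrlParser(text));
}

// Remove every leading javascript: prefix, so a doubled prefix such as
// "javascript:javascript:..." does not survive a single pass of stripping.
function stripScriptScheme(text) {
  let out = normalizeLikeUrlParser(text);
  while (/^javascript:/i.test(out)) {
    out = out.replace(/^javascript:/i, "").replace(/^[\u0000-\u0020]+/, "");
  }
  return out;
}

// Constructed sample inputs, harmless by design.
const samples = [
  "javascript:void(0)",
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "javascript:javascript:void(0)",
  "https://www.facebook.com/",
];

// Returns one record per sample: whether it was flagged and what remains
// after the scheme is stripped.
function report() {
  return samples.map((s) => ({
    input: s,
    flagged: isScriptUrl(s),
    stripped: stripScriptScheme(s),
  }));
}

console.log(report());
```
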

Readers: Have you self-inflicted any JavaScript?
