Facebook Porn Was 'Self-Inflicted JavaScript Injection'

It even sounds pornographic: A self-inflicted JavaScript injection was the method used to trigger the explosion of not-safe-for-work posts on Facebook earlier this week.

Attacks such as this are the bread and butter of online security firms, and Zscaler ThreatLabZ Senior Security Researcher Mike Geide explains the technology behind the attack in a blog post today.

Yesterday he’d discussed how Facebook users can avoid becoming victims, and you bet his advice involved Zscaler software. As for today’s post, we recommend reading it only if you’re really interested in the technological nitty-gritty. His main points are:

  • JavaScript can be run directly via browsers’ URL bars, and when web surfers are not running NoScript, it can be used to modify the page being browsed, including the way the browser interacts with buttons and links.
  • In this case, JavaScript was used to automatically interact with Facebook accounts by having users unwittingly like posts, otherwise known as likejacking.
  • Self-inflicted JavaScript injection has also been used in previous Facebook attacks, including, “Hey are you still there,” “You look so stupid in this video,” and various scams related to the death of Osama Bin Laden.
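
An added example, not from Geide's post or from Zscaler: a sketch of the check an address-bar-like input could run on pasted text so that a `javascript:` prefix never reaches the page being browsed. The function names and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: strip a javascript: scheme from pasted address-bar text.
// URL parsers drop leading/trailing C0 controls and spaces and remove
// tabs/newlines before reading the scheme, so the check must do the same.
function normalizeForSchemeCheck(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Return the lowercased scheme, or null when the text has none.
function extractScheme(text) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(normalizeForSchemeCheck(text));
  return m ? m[1].toLowerCase() : null;
}

// Hypothetical helper: returns the text that may be placed in the address bar.
function sanitizePastedAddress(text) {
  let current = text;
  let blocked = false;
  // Loop so "javascript:javascript:..." does not survive one pass.
  while (extractScheme(current) === "javascript") {
    const norm = normalizeForSchemeCheck(current);
    current = norm.slice(norm.indexOf(":") + 1);
    blocked = true;
  }
  return { text: current, blocked };
}

// Constructed sample inputs, not taken from the actual scams.
const samples = [
  "javascript:alert(1)",
  "  JaVaScRiPt:void(0)",
  "java\tscript:document.title",
  "javascript:javascript:alert(1)",
  "https://www.facebook.com/",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(sanitizePastedAddress(s)));
}
```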

Readers: Have you self-inflicted any JavaScript?
