Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Facebook glitch let spammer post to walls

Facebook says that a photo-processing flaw let a spammer post thousands of Free iPhone messages

A clever spammer found a glitch in Facebook's photo upload system and used it to post thousands of unwanted Wall messages this week.

Facebook confirmed the bug Friday, after notifying affected users of the issue.

Andrew Jones was one of the victims. He thought that his Facebook account had been hijacked Sunday after a friend pointed out a spam message on his wall. He quickly changed his password, but worried that some of his other e-mail accounts might have been taken over too. "No other signs of compromise were visible, and I concluded the most likely scenario was a public computer I had used recently had some type of malware on it," he told the IDG News Service via e-mail.

Turns out that the problem was all Facebook's.

"Earlier this week, we discovered a bug in the code that processes photos as they're uploaded. This bug caused us not to make the correct checks when determining whether a photo should be posted to a person's profile," Facebook said Friday in an e-mailed statement. "We quickly worked to resolve the issue and fixed it shortly after discovering it. For a short period of time before it was fixed, a single spammer was able to post photos to people's profiles that they hadn't approved."

Most of the messages promised "Free iPhones," a common spam message on Facebook these days. The free iPhone and iPad messages generally take users to websites where they are instructed to fill out marketing surveys or sign up for product subscriptions. Victims have reported having their phone numbers inundated with calls after filling out these surveys.

Facebook says that the spammer hit thousands of profiles before the company removed the spammy photos and notified affected users. No accounts were compromised as a result of the bug, Facebook said.

People whose Walls were hit with the spam got a notice from Facebook's security team, reading:

"For a few hours on Sunday, there was a spamming incident on Facebook. During this time, photos -- mostly of supposedly 'free' iPhones -- were posted to some people's Walls, including yours. We've removed the photo from your Wall and fixed the issue that allowed spammers to do this. We're sorry about the photo, but can assure you that this did not affect the security of your account in any way."

Spammers love Facebook because users are more likely to click on Facebook messages and wall posts than on links in unsolicited e-mail messages.

This week, Facebook introduced new controls that allow users to see if unauthorized computers have been used to log into their accounts.

But spammers will keep trying to use Facebook, according to Chris Boyd, a senior researcher with security vendor GFI Software.

The spam images used by this "Free iPod" spammer can be highly effective, he said. "Image spam is a great way for scammers to promote fake applications and surveys," he said via instant message. "An individual likely to fall for something like this will probably be more attracted by a nice picture than a random spam-link."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Andrew, Facebook, GFI, IDG
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Facebook, internet, Internet-based applications and services, scams, security, social networking
Latest Blog Posts
Whitepapers
  • IDC Insight: V-Ray Gives Symantec NetBackup a Competitive Advantage Today and into the Future
    Over a decade ago, Veritas software announced NetBackup FlashBackup to address the millions of small files problem, which had been and often remains the nemesis to fast and efficient backup of large file servers. Today, the FlashBackup technology is used to provide a logical understanding of what is stored with a VMDK- or VHD-image-level backup, without the necessity to install an agent inside each virtual machine. Read more.
    Learn more »
  • Five Things You Need to Know About Your Users Before You Deploy Business Intelligence
    In our years of experience working with companies of all types and sizes to design and deploy business intelligence systems, we’ve learned that there are five key things you need to know about your users before you roll out related technologies to them. In this paper, we will discuss these five things, as well as their implications.
    Learn more »
  • Oracle Business Intelligence and Data Warehousing From Storage to Scorecard
    Getting actionable data in the hands of the right decision makers translates to positive business outcomes – whether that means competing more effectively, reducing operational costs, meeting compliance requirements, or anticipating changing market conditions. To get the right data to the right people at the right time, you need an integrated business intelligence and data warehousing solution that can provide fast access to reliable information and the tools to translate that insight into actions.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments