Facebook Users Targeted by Cross-Site Scripting Exploit

Wednesday, March 30, 2011



Facebook's security team is working to mitigate problems caused by a cross-site scripting (XSS) flaw that was exploited by attackers to infect user accounts with a self-propagating worm.

The attack affected users whether or not they had enabled the SSL option (https) recently offered by the social network to improve security.

The vulnerability was caused by inadequate JavaScript validation, which allowed attackers to post messages on the profile wall of any logged-in Facebook user who happened across an infected webpage.

Facebook users were lured to the infected websites with specially designed spam, and the messages posted to their profile walls contained links to the same infected sites, which caused the worm to spread rapidly across the network.

From Symantec's Candid Wueest:

"The vulnerability exists in the mobile API version of Facebook due to insufficient JavaScript filtering. It allows any website to include, for example, a maliciously prepared iframe element that contains JavaScript or use the http-equiv attribute's "refresh" value to redirect the browser to the prepared URL containing the JavaScript."

"Any user who is logged into Facebook and visits a site that contains such an element will automatically post an arbitrary message to his or her wall. There is no other user interaction required, and there are no tricks involved, like clickjacking."

"Just visiting an infected website is enough to post a message that the attacker has chosen. Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user."

Facebook has patched the JavaScript-based XSS vulnerability, and the company says it is now working to undo the damage done by the attack.
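As an added illustration that is not part of this article or of Facebook's code, the following Python sketch shows the class of defect Wueest describes, a URL parameter echoed into inline JavaScript without JavaScript-context encoding, beside a hardened version and a check that the encoded value stays inside its string literal. All names and the sample payloads are constructed for the example.

```python
import json
import re

# Constructed page fragment: a value taken from the request URL is echoed
# into an inline script. This stands in for the "insufficient JavaScript
# filtering" pattern the article describes; it is not Facebook's code.
VULNERABLE_TEMPLATE = "<script>var status = '{value}';</script>"


def render_vulnerable(value: str) -> str:
    """'Before' pattern: the parameter lands in a JS string literal as-is, so a
    quote or a </script> sequence inside it ends the literal or the script."""
    return VULNERABLE_TEMPLATE.format(value=value)


def js_string_encode(value: str) -> str:
    """Encode a value for a JavaScript string-literal context.

    json.dumps yields a double-quoted literal with backslashes, quotes, control
    characters and non-ASCII escaped. The HTML parser runs before the JS
    tokenizer, so characters that could close the <script> element or break a
    single-quoted literal are additionally written as \\uXXXX escapes, which
    the JS tokenizer decodes back to the original character."""
    literal = json.dumps(value)  # ensure_ascii=True escapes U+2028/U+2029 too
    return "".join(
        f"\\u{ord(ch):04x}" if ch in "<>&'" else ch for ch in literal
    )


def render_hardened(value: str) -> str:
    """'After' pattern: the parameter is emitted only through the encoder."""
    return "<script>var status = " + js_string_encode(value) + ";</script>"


def count_script_tags(html: str) -> int:
    """Defender's check: an echoed value must not add a second <script> element."""
    return len(re.findall(r"<script\b", html, flags=re.IGNORECASE))


def decoded_value(literal: str) -> str:
    """What the JS engine sees after decoding the literal (JSON and JS share
    the \\uXXXX string-escape syntax used here)."""
    return json.loads(literal)
```

The vulnerable render of a value containing `</script>` yields two script elements, while the hardened render keeps one and still decodes to the original text, so nothing the user typed is lost.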

Source: http://www.symantec.com/connect/blogs/new-xss-facebook-worm-allows-automatic-wall-posts
