Facebook - Rated R

Virtual socializing can be tedious, hideous and sometimes disgusting. Last week Facebook users were shocked and enraged by some disturbing and sexually explicit images that suddenly appeared on home pages. Those images included hardcore pornography, torture, animal abuse and even Justin Bieber. The images also appeared on some younger kids' news feeds, potentially making Facebook party to exposing youngsters to obscene materials.

E-Week reported that the spam attack tricked unsuspecting users into copying malicious Javascript code into the URL bar of their web browsers to exploit a cross-site scripting vulnerability. It was not clear which browser had the vulnerability, but Facebook claimed its engineers were bringing the problem under control as of Nov. 15.

Frederic Wolens, a spokesman for Facebook, told NY Times that the attack lured users into copying and pasting a web address into their browser with the promise of showing them a neat video or telling them who was viewing their profile. Instead, that website installed malicious software that began filling their news feeds with violent and pornographic images without their knowledge.

The million dollar question here is, after all the claims made by Facebook management since the last few years regarding privacy and format upgrades, why someone would be able to post something malicious on anyone's wall in a matter of hours? Facebook has been taking some strong spam prevention measures and transmitting dozens of images wouldn't be that easy. That must have been done by a professional. The NY Times added that some web gurus have speculated that Anonymous, the hacker group who threatened to attack Facebook earlier this month claiming to "take down Facebook" in an attack planned for Guy Fawkes Day, Nov. 5, might be responsible for the attack. Facebook said the attack had been designed for financial gain. The junk posts sent users to affiliate sites that could generate revenue for the spammers.

Anonymous promised the attack on Facebookfor not respecting user privacy. Researchers at BitDefender, an internet security firm, reported a new worm that targets Facebook accounts and opens a backdoor on the compromised computer. This may be the "Fawkes Virus" promised by the hacker collective in July, wrote George Lucian Petre, product manager for social media security at BitDefender on the company blog. However, Anonymous did not claim credit for the spam attack or this virus on any of its usual channels on Twitter, E-Week reports.

Andrew Noyes, another Facebook spokesman, told the L.A. Times that Facebook has built enforcement mechanisms to quickly shut down the malicious pages. He also said the company has been putting people who were affected by the offensive spam through "educational checkpoints," so they know how to protect themselves in the future.

E-Week further added that the "self-XSS" exploit refers to the fact that social engineering techniques were employed to trick users into entering the code necessary to execute the attacks, as opposed to other types of XSS-based attacks where the perpetrators embed the code onto the website. Users are often tricked by a "giveaway, contest or sweepstakes for some fantastic prize and to qualify [they] need to paste this magic code into [their] browser," Chester Wisniewski, a senior security advisor at Sophos, wrote on the Naked Security blog. 

Although Facebook, as Wall Street Journal reports, "has a no-nudity policy and requires that members be at least 13 years old,  users are also encouraged to report questionable content via links on Facebook pages. The social network also removes pornography on its own initiative. The problem comes as Facebook gears up to unveil a massive profile page redesign to its 800 million users. The redesign, called Timeline, will take each and every action a user has made on Facebook and organize them chronologically. As one can imagine, no one is going to want their online diary soiled by a speck of violent imagery."

Whoever or whatever was to blame, the damage needs to be contained and fast.  As a result of this debacle, a lot of people have already started deleting their profiles.  

The only obvious solution is to tighten up the security settings, lock down your friends' ability to tag you in posts as much as possible, and picture and run up-to-date anti-virus software on your computers. Younger children shouldn't have a Facebook account at all to avoid situations like this and for so many other reasons. You never know what they might get exposed to or who might contact them. Virtual socializing isn't family-friendly anymore. Today, when all we see is violence in movies and sex on TV, now the old family values are being attacked by online social network obscenity, we are lucky that there's still a Family Guy out there.