Facebook filth flood – Fawkes Virus to blame?

Objectionable tsunami surges up Walls


The newsfeeds of numerous Facebook users have become flooded with filth – specifically violent and pornographic images – as the result of an attack against the social network over the last day or so.

Objectionable content such as photoshopped images of celebrities such as Justin Bieber in sexual situations, violent pictures and depictions of an abused dog have appeared on the social network. Victims confronted by these images have taken to Twitter to vent express their outrage, as is the local custom.

Net security firm Sophos was among the first to warn of the apparent outbreak, following first-hand reports of the outrage by readers of its Naked Security blog. The mechanism behind the spread of the offensive content remains unclear, although some form of clickjacking attack is one obvious contender.

The motives behind that attack – much less its perps – also remain anybody's guess, though one obvious suspect has to be Anonymous. The shock content fits Anonymous' style, or at least its 4chan roots, and supposed members of the group have been threatening Facebook of late.

A supposed 5 November campaign against Facebook, disavowed by prominent members of Anonymous months ago, came to nothing. We were inclined to write off another threat that surfaced on Friday as probably another hoax (or damp squib) but perhaps we spoke too soon.

A purported member of Anonymous announced its intention to release a “highly sophisticated” worm onto Facebook last week. The so-called Fawkes Virus consists of a "highly sophisticated worm, with advanced network self-replication and remote abilities,” according to the message. It “sends out malicious links and gains access to your account”, something that might fit with the outbreak of filth reported by Sophos.

"If it’s not a hoax, it appears to have the characteristics of 2008's KoobFace, but unlike its predecessor it should also receive commands from a remote attacker and simulate 'basic actions on Facebook accounts, such as sending a friend request or a message'," Razvan Livintz, an analyst at Romanian anti-malware firm BitDefender wrote last Friday.

The supposed activist released a video discussing the malware, whose original creation date matched that of a Trojan, called Bifrose-AAJX, detected by Romanian anti-malware firm BitDefender since 8 July.

Last Friday (11 November), links to download Bifrose-AAJX appeared on Facebook under the guise of a scam purporting to offer a "New Facebook Video Chat with Voice Features". Users were encouraged to follow a link to download the software, actually a backdoor that logs keystrokes and gets up to all manner of other mischief.

Aside from the timing there's nothing much to link the Bifrose-AAJX scam with the Fawkes virus, as BitDefender acknowledges. "It doesn't have the self-replication component Anonymous said it should have. It does connect to a remote server in Egypt instead, which is something the video 'forgot' to mention," Bitdefender staffer George Lucian Petre wrote on Saturday.

So to summarise a somewhat confusing situation: objectionable content is appearing in users' news feeds on Facebook for reasons unknown. This may or may not be linked to a threatened malware-powered attack against the social network by someone purporting to represent Anonymous.

We're asking Facebook to comment on the situation and will update this story as and when we hear more. ®


Keep Reading

Ireland unfriends Facebook: Oh Zucky Boy, the pipes, the pipes are closing…from glen to US, and through the EU-side

Anti-social network asked to stop piping Irish uncles' mutterings to America

TikTok to splurge €420m on Ireland data centre to get Euro-data into Europe by 2022

Nothing but love for regulators, but nothing for hyperscalers despite previous Google Cloud entanglement

Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000

Nearly 2,000 e-commerce shops pwned over weekend so it's time to migrate

Facebook tells US tax bods: Swear to God, we were only worth $6.5bn in 2010 because we were menaced by... MySpace and smartphones

IRS wants Zuckerberg's empire to cough up $9bn in back taxes

SAP on the back for Michiel Verhoeven who has been handed the keys to ERP giant's UK and Ireland biz

Ex-MD Jens Amail returns to Germany, and we can't blame him

Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees

Eleven flaws cleaned up including one that may be exploited to sling malware downloads

US govt: Julian Assange tried to recruit hacker to steal hush-hush dirt and we should know – the hacker was an informant

WikiLeaker accused of tapping up LulzSec's Sabu as a source

From MySpace to MyFreeDiskSpace: 12 years of music – 50m songs – blackholed amid mystery server move

Vast storage savings...er, tragic loss attributed to a data migration gone awry

Biting the hand that feeds IT © 1998–2020