Updated Facebook officials have tracked down the scammers responsible for deluging the social network with images depicting bestiality, self-mutilation and other depravity and is vowing to seek swift justice.
According to reports published by PCMag.com and ZDNet, Facebook officials have also figured out who is behind the attack. Both reports cited the same statement from a Facebook PR representative that says:
"In addition to the engineering teams that build tools to block spam we also have a dedicated enforcement team that has already identified those responsible and is working with our legal team to ensure appropriate consequences follow."
Neither report divulged the identity of the scammers or said if law enforcement agencies have been called in to investigate.
When The Register asked Facebook representatives for confirmation, one of them responded with a statement that read: "We've identified the responsible parties and are pursuing legal action at this time."
Facebook's enforcement team has already taken a tough stance against spamming. In 2009, it sued serial spammer Sanford Wallace and two associates for spamming members with wall posts that posed as messages from their friends. The social network was eventually awarded $711 million in the case. Earlier this year, Wallace was criminally charged with hacking more than 500,000 Facebook accounts.
Facebook has sued other alleged spammers as well.
Facebook has yet to elaborate on key details of the ongoing attack. It's still unknown if the cross-site scripting vulnerability is unique to a particular browser and how many of its 800 million users have been affected.
The scripts contain obfuscated code that generates invite messages to all of a user's Facebook friends and includes an invisible link to hxxp://aagmphxa.facebook.joyent.us/goog/index1.php. The URL no longer works. ®
This post was updated to add comment from Facebook and details from Zscaler.
Follow @dangoodin001 on Twitter.
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Max Schrems
- Palo Alto Networks