
Clickjacking Vulnerability Spamming the User’s Facebook Wall


A Polish security researcher who goes by the name Lasq found a malicious spam campaign that posts to users' Facebook walls by exploiting a vulnerability. The vulnerability came to his attention after he saw it repeatedly being abused by a Facebook spammer group.

According to Lasq, the vulnerability lies in the mobile version of Facebook, reached mostly through popups, while the desktop version is unaffected.

The link at the root of the spam appears to be hosted in an Amazon Web Services (AWS) bucket and redirects the user to a comic website after asking them, in French, to confirm their age. Even after the user had clicked the link and done what it asked, the link still turned up on the user's own Facebook wall.

When Lasq investigated the issue, he found that the spammers were using code that abuses the iframe component of Facebook's mobile sharing dialog. He tested it in popular browsers such as Chrome, Chromium, Edge, IE and Firefox, and in every other browser that displayed an X-Frame-Options error, then published a blog post with the technical details. He suspected clickjacking.

He later determined that, because Facebook ignored the X-Frame-Options header for the mobile sharing dialog, the "age verification" popup shown earlier bypassed Facebook's protection.


Lasq reported the issue to Facebook, but surprisingly they declined to fix it, arguing that it was working as intended; the case was closed within 12 hours of the initial report. Their position was that clickjacking is only an issue when an attacker somehow alters the state of a user's account.

When contacted by ZDNet, Facebook mainly stressed that they are continually improving their "clickjacking detection systems" to prevent spam.
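Lasq's browser tests boil down to the check below, added here as an example and not code from Lasq's write-up or from Facebook: given a response's headers, decide whether a browser would refuse to frame the page cross-origin. The sample headers are constructed; the real dialogs' headers are not on this page.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class FramingVerdict:
    protected: bool  # would a modern browser refuse to frame this page cross-origin?
    reason: str


def frame_ancestors_sources(csp: str) -> Optional[List[str]]:
    """Return the source list of the CSP frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def check_framing_protection(headers: Dict[str, str]) -> FramingVerdict:
    """Decide from response headers alone whether cross-origin framing is blocked."""
    # Header names are case-insensitive, so normalise before looking them up.
    h = {name.lower(): value.strip() for name, value in headers.items()}
    # CSP frame-ancestors takes precedence over X-Frame-Options when both are present.
    csp = h.get("content-security-policy")
    if csp is not None:
        sources = frame_ancestors_sources(csp)
        if sources is not None:
            if "*" in sources:
                return FramingVerdict(False, "frame-ancestors allows any origin")
            return FramingVerdict(True, "frame-ancestors restricts framing to listed sources")
    xfo = h.get("x-frame-options")
    if xfo is None:
        return FramingVerdict(False, "no X-Frame-Options or frame-ancestors: page can be framed")
    if xfo.upper() in ("DENY", "SAMEORIGIN"):
        return FramingVerdict(True, f"X-Frame-Options: {xfo}")
    # ALLOW-FROM is obsolete and ignored by current browsers, so it protects nothing.
    return FramingVerdict(False, f"unsupported X-Frame-Options value: {xfo}")


# Constructed sample responses (assumption, not captured traffic): the desktop
# dialog sends the header, the mobile dialog in Lasq's report does not.
SAMPLE_RESPONSES = {
    "desktop share dialog": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "mobile share dialog": {"Content-Type": "text/html"},
    "hardened with CSP": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
}


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, FramingVerdict]:
    """Run the check over a set of named responses; the mobile dialog comes back unprotected."""
    return {name: check_framing_protection(hdrs) for name, hdrs in responses.items()}
```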

Facebook spam abuses Microsoft Translator

We recently investigated the Facebook spam that abuses the McAfee URL shortener and Google Translator, and published our report.

Today we came across a new Facebook spam campaign that abuses Microsoft Translator to redirect victims to the spammer's site. I have seen several variants of this campaign within the last 24 hours.

The variants used in this campaign include the old profile-viewer trick: "Profile Viewer version 4.6 : Check who views your profile at link in Description".

Facebook profile viewer spam

Facebook SPAMs

Unfortunately, I can't share screenshots of the other variants because they contain adult images. So here I am sharing only the text from the spam pictures:

• Look what she did after drinking, Video link in description
• Looks like she enjoyed it, Video link in description
• They gone too far
• Massive japanise org* sports, Follow the link to watch video
• Beautiful girl on facebook, click on the link to know about her
• Got caught making hot video on cam, Video link in description
• You can't believe she did it in bus, Follow the link to watch video
• Got caught in library, Video link in description
• She was seduced by her own uncle, find video link in description

All of the spam posts contain a "j.mp" (URL shortener) link that redirects the victim to a Microsoft Translator page. Microsoft Translator is abused to hide the original spammer website and to redirect the victim to it.

What's worse about these spam campaigns is that even security researchers fall victim to them. Today one of my friends fell prey to a post promising "Free Gift Card to spend at Starbucks!". So it is useless to blame normal users. I believe they will realize their mistake once they find themselves victims of the attack.

Please share this article with your friends and spread awareness about Facebook spam.

Stay tuned! I'm starting my investigation into this new campaign ;) This article will be updated if I find anything interesting.