A massive spam attack is wreaking havoc on Facebook users' News Feeds.
ZDNET has covered the spamming for the last couple of days and reports that the attack has flooded some feeds with graphic photographs, apparently distributed via hijacked accounts.
One Facebook user contacted The Huffington Post and reported that a friend's account had inexplicably posted a disturbing image of an injured dog. "I know [my friend] would never publish something like this on his own," the user wrote.
According to Sophos' Naked Security blog, several different images are spamming feeds across the site.
The content, which includes explicit hardcore porn images, photoshopped photos of celebrities such as Justin Bieber in sexual situations, pictures of extreme violence and even a photograph of an abused dog, has been distributed via the site - seemingly without the knowledge of users.
Detailing how they are handling the attack, Facebook provided Mashable with the following statement:
Computerworld notes that some believe the browser exploit was written by members of hacker-activist collective Anonymous. Back in August, Anonymous was allegedly planning to attack Facebook on November 5, but that deadline came and went without incident; in addition, several individuals believed to be associated with Anonymous have denied involvement in the planning of a so-called "Operation Facebook".
Has your Facebook account been compromised by a spam or clickjacking attack? Check out our list of helpful tips (below) to find out how you can clean up your profile once it's been compromised. If you're curious about what kinds of Facebook scams to watch out for, check out our slideshow of the 9 most common Facebook scams.
If you fell victim to a phishing scheme or another hack attack, it's likely that someone else has obtained your password and is using it to access your account. You'll need to change your login credentials ASAP. Visit Facebook's Account Settings to do this. Remember: don't reuse passwords across different accounts, and the more complex the password, the safer you'll be.
If you believe someone has gained access to your Facebook profile and is posting unauthorized content in your name, Facebook's Roadblock tool can help verify your identity and secure your account against the spammer.
One of Facebook's new security features will implement a two-step login process the first time your account is accessed from an unfamiliar device. If you enable this feature, Facebook will send a verification text to your mobile device before allowing access from the new location. You can save or block the new device via your handset. If a foreign device fails to log in, Facebook will notify you when you next log in from one of your approved devices and will give you the option of resetting your password if you suspect foul play.
When you approve a normal app, you "allow" the app access to your profile, trusting that the developers will post only updates about your in-app activities. However, spammers will use this open door to take over your profile. If you fell for a rogue app and mistakenly clicked "Allow," or if you notice excessive activity on your account, you should edit your list of apps and remove any suspicious ones. To do this, open the drop-down box under your Account tab, click "Privacy Settings" and find the "Apps and Websites" settings management tool (at the bottom of the page). This tool will help you manage your apps and the kind of information they can access. Your Apps Page lets you turn off all platform apps or remove/edit each app individually. It's a good idea to use this tool every now and again, since apps tend to pile up over time.
As soon as you can, delete spammy posts from your wall and Facebook inbox. The fewer there are, the less likely you or your friends will be to click on them.
If you were tricked into "Liking" a scam, you'll need to edit your interests on your profile and remove any links to spam sites you may have acquired.
If you suspect your account has been compromised, you can alert Facebook through several channels. To report privacy breaches, you can direct reports to firstname.lastname@example.org. If a scammer gained access to your account password via phishing attack, you can fill out Facebook's phishing report. Facebook also provides a separate form for reporting a malicious link or website.
Facebook recommends that you scan your computer hard drive for malicious software that could potentially tap into your profile again. If you don't have an antivirus app, Facebook suggests using a free trial of McAfee.
If you've entered a line of malicious code into your browser and believe that someone has taken control of your profile and is in the process of spamming your friends, log out of Facebook to stop the attack. One of Facebook's new security features may also notify you of suspicious activity on your account, such as excessive "Likes" or posts.