A massive spam attack is wreaking havoc on Facebook users' News Feeds.
ZDNET has covered the spamming for the last couple days and reports that the attack has flooded some feeds with graphic photographs, apparently distributed via hijacked accounts.
One Facebook user contacted The Huffington Post and reported that a friend's account had inexplicably posted a disturbing image of an injured dog. "I know [my friend] would never publish something like this on his own," the user wrote.
According to Sophos' Naked Security blog, several different images are spamming feeds across the site.
The content, which includes explicit hardcore porn images, photoshopped photos of celebrities such as Justin Bieber in sexual situations, pictures of extreme violence and even a photograph of an abused dog, have been distributed via the site - seemingly without the knowledge of users.
Although a Facebook rep was not immediately available for comment, the company has already confirmed the attack with a number of blogs. For example, Mashable writes that Facebook has acknowledged a "coordinated spam attack" that tricked users into copying and pasting "malicious javascript in their browser URL bar."
Detailing how they are handling the attack, Facebook provided Mashable with the following statement:
During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.
Computerworld notes that some believe the browser exploit was written by members of hacker-activist collective Anonymous. Back in August, Anonymous was allegedly planning to attack Facebook on November 5, but that deadline came and went without incident; in addition, several individuals believed to be associated with Anonymous have denied involvement in the planning of a so-called "Operation Facebook".
Has your Facebook account been compromised by a spam or clickjacking attack? Check out our list of helpful tips (below) to find out how you can clean up your profile once it's been compromised. If you're curious about what kinds of Facebook scams to watch out for, check out our slideshow of the 9 most common Facebook scams (here).
