A Facebook cross-site scripting (XSS) vulnerability was used to launch a self-propagating spam worm on the social network, according to security researchers from Symantec.
The XSS vulnerability was located in the Facebook mobile API and was caused by insufficient JavaScript validation.
In order to exploit it, attackers created a Web page containing a specially crafted iframe element that forced all logged in Facebook users visiting it to post rogue messages on their walls.
By crafting the spammed message to lure users into visiting the malicious site, the hackers were able to create a self-propagating worm.
Some guy asks if Windows Defender/Microsoft Defender is enough and this is the amazing answer he got back
Deep Research: McAfee GTI, JTI, Artemis and Other Technologies Explained
Researcher publishes proof-of-concept code for creating Facebook worm