Researcher publishes proof-of-concept code for creating Facebook worm

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
One group has already been abusing this issue to post spam on users' Facebook walls.

A Polish security researcher has published today details and proof-of-concept code that could be used for creating a fully functional Facebook worm.
This code exploits a vulnerability in the Facebook platform that the researcher --who goes online under the pseudonym of Lasq-- has seen being abused in the wild by a Facebook spammer group.

The vulnerability resides in the mobile version of the Facebook sharing dialog/popup. The desktop version is not affected.

Lasq says that a clickjacking vulnerability exists in this mobile sharing dialog that an attacker can exploit through iframe elements. The spammer group who appears to have found this issue before Lasq has been (ab)using this vulnerability to post links on people's Facebook walls.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top