Date: 2009-11-24

Ahh, the glories of online porn: apparently no web surfer or website is immune. As it stands, porn is slowly infecting Twitter, and now it's infiltrating Facebook as well. According to a security researcher at AVG Technologies, a porn-related worm has actually infected the latter site, passing from one user to another when users click on a rather interesting image appearing on Facebook Walls.



AVG's Nick FitzGerald reports that the worm attracts its victims by using a thumbnail of a sexy bikini-clad woman along with the following text: "Want 2 C something Hot? Click da button, baby!" Once clicked, another browser window opens displaying a larger version of the thumbnail. Daring web surfers who click on the larger image are thus sent to a porn site. If the victim is logged into Facebook, then the worm inserts itself onto the user's Facebook Wall.



"This worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack," he said. "A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook 'as if' the victim had submitted a URL for a wall post and clicked on the 'Share' button to confirm the post."



FitzGerald doesn't really offer a solution for Facebook users, but advises them not to click on the button (duh). He said that the issue is something Facebook needs to correct behind the scenes.

UPDATE: Apparently Facebook has now successfully blocked this worm.
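The server-side correction FitzGerald points to comes down to refusing any wall-post request that is authorized by the session cookie alone. The sketch below is an added example, not code from Facebook or AVG; the origin `https://social.example`, the `csrf_token` field, the session id and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values for this sketch, not taken from any real site.
ALLOWED_ORIGIN = "https://social.example"
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, kept server-side


def issue_csrf_token(session_id, key=SERVER_KEY):
    """Token embedded in the site's own share form; bound to the session."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(headers):
    """Prefer Origin; fall back to the scheme://host part of Referer."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return None
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}"


def validate_share_request(session_id, headers, form, key=SERVER_KEY):
    """Return (accepted, reason) for a state-changing wall-post request."""
    origin = _origin_of(headers)
    # A request framed or auto-submitted from another site names that site.
    if origin is not None and origin != ALLOWED_ORIGIN:
        return False, "cross-site origin"
    # Headers can be absent, so the token is always required as well.
    token = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id, key)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return False, "missing or invalid token"
    return True, "ok"


# Constructed sample requests. The browser attaches the session cookie to
# all three, which is why the cookie alone cannot authorize the post.
SESSION = "sess-1234"
legit = ({"Origin": ALLOWED_ORIGIN},
         {"url": "https://news.example/a", "csrf_token": issue_csrf_token(SESSION)})
forged = ({"Referer": "https://lure.example/page.html"}, {"url": "https://lure.example/"})
no_header_forged = ({}, {"url": "https://lure.example/"})

if __name__ == "__main__":
    for hdrs, form in (legit, forged, no_header_forged):
        print(validate_share_request(SESSION, hdrs, form))
```
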

