Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Researcher publishes proof-of-concept code for creating Facebook worm
#1
Researcher publishes proof-of-concept code for creating Facebook worm



Quote:One group has already been abusing this issue to post spam on users' Facebook walls.

A Polish security researcher has published today details and proof-of-concept code that could be used for creating a fully functional Facebook worm.
This code exploits a vulnerability in the Facebook platform that the researcher --who goes online under the pseudonym of Lasq-- has seen being abused in the wild by a Facebook spammer group.

The vulnerability resides in the mobile version of the Facebook sharing dialog/popup. The desktop version is not affected.

Lasq says that a clickjacking vulnerability exists in this mobile sharing dialog that an attacker can exploit through iframe elements. The spammer group who appears to have found this issue before Lasq has been (ab)using this vulnerability to post links on people's Facebook walls.


https://www.zdnet.com/article/researcher...book-worm/

[Image: facebook-icon.jpg]
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000 Bjyda 0 972 02-19-2021 , 10:55 PM
Last Post: Bjyda
  Avira Free Antivirus intercepts passwords from browsers and publishes them in the con Igoreha 0 1,160 05-08-2020 , 01:44 PM
Last Post: Igoreha
  Worm-Cryptominer Combo Lets You Game While Using NSA Exploits to Move Laterally mrtrout 0 1,745 08-23-2019 , 04:15 AM
Last Post: mrtrout
  Fileless Backdoored Trojan Spreads Using Worm Living in Removable Drives mrtrout 1 1,643 11-28-2018 , 10:23 AM
Last Post: tarekma7
  Researcher Discloses "Unpatchable" Nintendo Switch Exploit tarekma7 0 1,324 04-24-2018 , 05:40 PM
Last Post: tarekma7

Forum Jump:


Users browsing this thread: 1 Guest(s)