View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Facebook fixes automatic wall posting XSS worm

The virus had been identified by Symantec

By CBR Staff Writer

Facebook has patched the cross-site scripting (XSS) exploit that made smartphone users make automated wall postings. Earlier, security firm Symantec had identified the worm and alerted Facebook about it.

Symantec said that the worm exploited a vulnerability in the mobile API version of Facebook, which was caused by insufficient Javascript filtering. It said that anyone who is logged into Facebook can pick up the worm without the need for any installation.

"Just visiting an infected website is enough to post a message that the attacker has chosen," Symantec’s Candid Wueest wrote.

"Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user."

The exploit has targeted Indonesian users the most.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.