Facebook fixes bug, but ‘Nicole Santos’ hoax lives on

Facebook has successfully fixed a bug that allowed malware to take over accounts. The hoax was a post that urged people to vote for Nicole Santos. It said that the only way to remove them is to disable them by clicking on a link that said “remove this app”. Clicking that link allows the malicious code to access your Facebook account and post the hoax to your friends’ pages.

“This spam was spread by a vulnerability in our code and we worked quickly to resolve this matter.” Facebook

“The bug caused a small number of spam comments to be posted to users’ walls, and we are in the process of cleaning up any spam it may have caused.” Facebook

The vulnerability allowed people to post malicious code in comments, where it was treated as a URL. The company is removing the posts from users’ pages, but the malware continues to spread when people click on the links.
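As an added illustration (not Facebook's code, and not from the original post), the sketch below shows one defensive way to render untrusted comment text so that only real web links become clickable. It assumes the bug class was comment content with a non-web scheme being accepted as a link; the function names and the sample comment are hypothetical.

```javascript
// Added example: render untrusted comment text as HTML, turning only
// absolute http(s) URLs into links and escaping everything else.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Escape characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Return the normalized URL if the token parses as an absolute http(s) URL,
// otherwise null. The WHATWG URL parser lowercases the scheme, so mixed-case
// schemes cannot slip past the allowlist.
function safeHref(token) {
  let url;
  try {
    url = new URL(token);
  } catch {
    return null; // not an absolute URL: treat as plain text
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Split on whitespace (keeping the separators), link allowed URLs,
// and escape every other token so it is displayed, never interpreted.
function renderComment(text) {
  return text
    .split(/(\s+)/)
    .map((tok) => {
      const href = safeHref(tok);
      if (href === null) return escapeHtml(tok);
      return `<a href="${escapeHtml(href)}" rel="nofollow noopener">${escapeHtml(tok)}</a>`;
    })
    .join("");
}

// Constructed sample comment, not taken from the incident.
const sample = "vote here https://example.com/poll?a=1&b=2 <b>now</b>";
console.log(renderComment(sample));
```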

The Facebook hoax has already taken on a life all its own. “Nicole Santos” was a trending topic on Twitter and a bunch of anti-Nicole Santos Facebook pages were created. Someone began selling a “Vote for Nicole Santos” shirt on e-commerce site Etsy. And a comedian created a rap music video called “You Just Got Hacked: A Nicole Santos Musical Parody.”

Reference: here
I think this post clearly shows how people can be manipulated by anything that is spread across Facebook. If it had been a more serious threat, a lot of users could have been hacked just by clicking on links stupidly.
