While the so-called Fawkes Virus remains a nebulous idea, as I mentioned here yesterday, there's now much more information about the wave of offensive Facebook content that some have attributed to Anonymous and/or the Fawkes thing. Here are some of the better information sources we have identified.

  • Richi Jennings aggregated a number of comments for Computer World.
  • Facebook was widely quoted as attributing the attacks to a browser vulnerability that facilitates cross-site scripting:
    • Softpedia
    • CNN
    • Bloomberg
    • John Leyden in the Register quoted Facebook at some length, and pointed out that the site seemed to be attributing the attack to social engineering and user error rather than a browser flaw or a site scripting error: "During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content."
    • Mashable also quoted Facebook at length.
  • Aryeh Goretsky included lots of advice and links on this blog.
  • Dan Goodin, in another article for the Register, indicated that Facebook have made progress on identifying the people responsible for the attacks.

I'm glad Facebook is making progress, but I wish they were a little more forthcoming. The company seems to be limiting its communications to carefully worded statements to the press: I have yet to see any direct advice to its users on the "Facebook Known Issues" page or the "Facebook Security" page.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow