14 November 2011 update: Since this article was first published it has become apparent that many Facebook users in recent days have been bombarded with hardcore porn and images of violence and animal abuse. You can read more about that attack here. Please accept our apologies for any inconvenience caused.
The following article was published in September 2011. It is included below for completeness, however we now believe that there *is* evidence that a problem consistent with the warning messages has struck many Facebook users. In light of that, we advise users that it should no longer be considered a hoax, and apologise for any inconvenience or confusion.
Warnings are spreading like wildfire on Facebook, claiming that hackers are posting pornographic movies on users’ walls which are invisible to the owners of the wall but are visible to friends and family.
You can imagine how that would be pretty embarrassing if were true. Fortunately, as far as we can tell so far, it’s nonsense.
Here’s what a typical message looks like, spread by a Facebook user who thinks they are warning their friends – but really perpetuating the scare.
ATTENTION FRIENDS! HACKERS ARE DOING DAMAGE AGAIN ON FACEBOOK! PORNOGRAPHIC MOVIES ARE BEING POSTED ON OUR BEHALF ON THE WALLS OF OUR PROFILES! WE DO NOT SEE THEM, BUT OTHER PEOPLE DO, AS IF IT WERE OUR PUBLICATION! SOMETIME EVEN OUR SUPPOSED Comments APPEARS. IF YOU SEE SUCH A THING IN MY HOMEPAGE, ALERT ME AND DO NOT OPEN IT BECAUSE IT IS A VIRUS! ...COPY AND RE POST THIS MESSAGE
Here are a couple of other versions of the message:
THE HACKERS ARE PUTTING SEXUAL VIDEOS TO YOUR NAME IN THE WALLS / PROFILES OF YOUR FRIENDS WITHOUT YOU KNOWING IT. YOU DONT SEE IT, BUT OTHER PEOPLE CAN SEE IT, AS IF THESE WERE A PUBLICATION THAT YOU MADE! ALSO, THEY'RE SENDING INBOX MSGS TO YOUR FRIENDS ASKING YOU TO CLICK A LINK. DON'T DO IT!! SO IF YOU RECEIVE SOMETHING FROM ME ABOUT A VIDEO OR A STRANGE INBOX MESSAGE, IT'S NOT ME!
Hackers are busy on Facebook. They are posting insulting messages on the walls of your friends with your regards without you knowing about it. They are also sending out X-rated pictures. If you receive one of those messages in my name, it isn't from me. I would NEVER disrespect any of my FB friends! Put this on your wall and warn your friends. Share the news! And please tell me if something is on your wall that is supposed to have come from me
The message is, of course, nonsense and users should not repost the warning.
We have not seen any evidence that hackers are able to post content to a compromised Facebook wall that the owner of the account cannot see.
The fact that the bogus warning tells you that it’s invisible to your eyes just adds to the panic, of course.
Yes, scammers have often posted thumbnails of what appear to be pornographic videos to compromised Facebook users’ walls, but we have never seen any incidents where the post was *invisible* to the user.
Although a hoax is nothing like as bad as a piece of malware squirming its way between users and stealing information, it’s still a nuisance, clogging up communications, increasing the overall level of spam and perhaps leading people to make bad decisions.
There’s an important lesson here – don’t believe everything you read on the internet, and think twice before you pass a story on to your friends.
Keep your wits about you and stay informed about the latest scams, hoaxes and malware attacks spreading fast across Facebook. One of the best ways to do that is to join the Sophos Facebook page, where more than 140,000 people regularly share information on threats and discuss the latest security news.
