A STUDY OF MALICIOUS ATTACKS ON FACEBOOK

Maria Patricia M. Revilla, Commtouch, Philippines

October 2011

Copyright is held by Virus Bulletin Ltd, but made available on this site for personal use free of charge by permission of Virus Bulletin (http://www.virusbtn.com).


Virus Bulletin Conference, October 2011

A STUDY OF MALICIOUS ATTACKS ON FACEBOOK

Maria Patricia M. Revilla, Commtouch, Philippines

Email: [email protected]

ABSTRACT

Social networking sites have, beyond doubt, made it into today’s popular culture. They have become the primary venue for online socializing because they deliver what users demand: something fast, easy and accessible. Facebook is a perfect example.

Facebook has become undeniably popular. With 600 million users to date, it could be considered to be the most widely used social networking site in the last decade. People patronize Facebook for its simple, but rather functional features, which range from public messaging through wall posts and private messaging, to sharing photos, videos and URL links, to gaming, and even marketing and advertisements. It even makes a good online outlet for thoughts in the form of ‘status updates’ which can be changed as often as one wishes.

With its popularity and effectiveness, Facebook has also become a hot spot for attackers. Over the years, social engineering has proved effective at spreading malicious programs, and such attacks are hard to prevent precisely because they are designed to exploit human judgement rather than software flaws.

This paper studies the social engineering attacks that have been identified as spreading malware through Facebook. By tracking the distribution methods and mechanisms used to spread malware, and the current preventive and defensive measures, it aims to give an insight into the challenges faced in protecting users.

INTRODUCTION

Facebook has become enormously popular, reaching over 600 million users to date [1]. Users have increasingly integrated social networks into their lives, spending a reported 700 billion minutes per month on Facebook [2]. Every 20 minutes approximately 24,857,000 actions are performed which may be broken down into:

Table 1: Facebook activity every 20 minutes (onlineschools.org [3]).

  Action                      Count
  Comments made               10,208,000
  Photos uploaded              2,716,000
  Messages sent                2,716,000
  Friend requests accepted     1,972,000
  Status updates               1,851,000
  Wall posts                   1,587,000
  Event invites                1,484,000
  Photos tagged                1,323,000
  Links shared                 1,000,000

The popularity, number of subscribers and level of activity have made Facebook an attractive tool for attackers who use social engineering in order to spread malicious content or earn money unethically. Over the years, social engineering has been enormously effective because it convinces users to act, unknowingly, in the interests of cybercriminals. Spam and email scams have been used to deceive users, for example by offering seemingly legitimate employment while putting victims to work as money mules who unwittingly help launder stolen funds. Social engineering has also been used to seed and drive the spread of worms through attachments disguised as normal documents.

The use of fake file icons, such as those used for Windows folders, Word documents, text files, media files and others, is a subtle form of social engineering, letting users think that a malicious application is just a normal document. Instant messages on Yahoo! or MSN use convincing phrases promising must-see pictures or videos to trick users into clicking malicious links that may point to phishing sites or rogue software. Rogue software or fake anti-virus products are themselves a form of social engineering. By scaring users with ‘detected’ malware, they convince them to pay for products that they believe will actually help them remove the ‘infection’. Sophisticated social engineering attacks use emotion and human desires to trick users. Protecting users from themselves is a tough job and it is something that a computer cannot really do.

In 2008, the Koobface worm spread through social networks, including Facebook (its name is an anagram of Facebook). It may be considered one of the most successful worms, as new variants are still being encountered – over 20,000 variants [4] by April 2011. Aside from the Koobface worm, there have been other forms of attack – clickjacking, phishing, spam, scam messages, links to rogue applications and others that help cybercriminals earn money. It is certainly alarming to see how these forms of attack have increased.

Based on the number of active users and activities performed by Facebook users, it is clear that Facebook has become an effective social networking site with people benefiting from its integrated functionality such as photos and messaging. At the same time, attackers have successfully taken advantage of this functionality to turn Facebook into a channel for spreading malicious content. Even a small percentage of compromised users would equal a large attack base given the number of active users on the site.

Security companies have developed tools and have improved scanners to detect and prevent intrusion of malicious programs. Solutions range from single file detection to generic and heuristic detections, and even cloud-based technologies. As these protection technologies have improved, attacks have grown more sophisticated in an attempt to evade new and existing security measures. Attackers usually take advantage of commonly used software and/or popular sites, combining social engineering with exploits of vulnerabilities in programs like Adobe Reader or Internet Explorer. Our observation is that attackers have achieved the most success in bypassing security measures by employing sophisticated social engineering methods.

This paper will focus on analysing social engineering attacks on Facebook and will try to present the preventive measures the industry has provided to users, defensive measures/tools that are available for users, and the challenges faced in preventing users from becoming victims.


THE PROBLEM – FACEBOOK SOCIAL ENGINEERING ATTACKS

A trusting user in a social network environment wouldn’t suspect that a friend (deliberately added to a friend list) would send any harmful content. This trust turns a very popular and widely used social networking site like Facebook into a huge opportunity for attackers. Users are drawn to action by ‘friends’ – following a message, links, or an invite – without suspecting that this will undermine security.

Worms: Koobface and Palevo

The Koobface worm has been around since 2008 [5]. It was first encountered through Facebook messages that enticed a user to view a video from a link that looked as though it came from YouTube. Alluring messages like ‘You must see it!!!...’ were the first step of its social engineering tactic. Users who clicked on the link were prompted to download a newer version of Adobe Flash Player – the second part of the social engineering attack. The downloaded file ‘codecsetup.exe’ was not Adobe Flash Player but a malicious executable. Once it was run, the infected machine became a bot used to spread more messages with malicious links and for other malicious purposes.

Later, when users became aware of a worm that spread using a fake YouTube-like video, a new variant was encountered which used a Blogspot link sent through messages of friends [6]. The message had the same video-related theme, but the changed destination to a Blogspot link reduced the suspicion. The Blogspot pages included JavaScript redirects to pages again requiring the installation of a so-called video playing component (as with the initial version). As before, the ‘video playing component’ was in fact a malicious executable. In this case, the infected machine opened new Blogspot accounts and distributed the malicious links to friends. Figures 1 and 2 show some examples.

Figure 1: Blogspot post example (1).

Figure 2: Blogspot post example (2).

Palevo is another worm that has been known to spread through social network chat messages or instant messages, including Facebook [7]. This worm has exploited Facebook chat and Facebook application functionality. It tried to spread by sending chat messages to friends and disguised itself as a photo album application. Following the link to the fake application, the user was prompted to download the file ‘FacebookPhotos#####.exe’, which is the malicious executable. Newer variants used different filenames such as ‘Facebook-pic[number].exe’ (e.g. Facebook-pic000751357.exe) [8].

Clickjacking

Another type of social engineering attack is clickjacking. The attacker lays a transparent IFrame of the target site over seemingly normal objects on a web page, such as buttons, links or images, so that a user who clicks on what they see actually clicks a control of the target site and triggers an action in their own logged-in session without their knowledge. On the Facebook platform, attackers found ways to exploit functionality such as the ‘Like’, ‘Publish’ and ‘Comment’ buttons used when commenting on photos, videos or links.

A worm that spread on Facebook through a clickjack attack was successfully executed using an invisible IFrame. It basically exploited the ‘Publish’ button that posts a link to the user’s wall. The link points to a page that contains an invisible IFrame shown in the code in Figure 3 (from jsunpack.jeek.org).

The user is unaware that a click anywhere on the page is actually a click on the ‘Publish’ button. This results in a post on the victim’s wall, which will then be seen by the victim’s friends, probably causing them to click as well, and in this way continuing the spread of the malware. This worm was fi rst reported by F-Secure in May 2010 [9].

A wave of similar clickjack attacks followed, this time exploiting the well-known ‘Like’ button; these are known as ‘likejacking’ attacks. When a user ‘likes’ a certain page, video, photo or website on Facebook, the content is shared with the user’s friends. It is almost the same as recommending it to friends, as the liked page appears in the user’s newsfeed, causing friends to see it and probably to click it themselves. This attack works especially well when the link has descriptive text crafted to attract users, such as messages promising a ‘video of Justin Bieber’ or ‘pics of Miley Cyrus’, or any current newsworthy event [10]. An example of the actual code used for this attack is shown in Figure 4 (from pastebin.com).

The code uses the same method: an invisible IFrame that follows the user’s mouse, so that any click on the page is a click on the ‘Like’ button, without the user’s knowledge.

Another attack exploited the ‘Comment’ functionality. Once a user ‘comments’ on a photo, a video or a link on Facebook, it will appear on the user’s wall or newsfeed, causing friends to see it and, as before, probably attracting them to see and click on it as well. Here again, the messages included text with famous names such as Justin Bieber. Clicking on the link led to a page with a question and text entry box for the answer. The text box was actually a Facebook comment box which would result in the posting of a comment on the victim’s wall, or a message on the victim’s newsfeed, causing it to be shared and seen by the user’s friends. This attack was reported by Sophos in April 2011 [11].
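The clickjacking and likejacking attacks above only work because the target page can be loaded inside an attacker's IFrame. The check a web developer wants is therefore whether a page's response headers stop a given origin from framing it. The following is an added example, not code from the paper or from Facebook: it evaluates the CSP `frame-ancestors` directive (authoritative in current browsers) and the older `X-Frame-Options` header against constructed header sets and origins. The last case shows the caveat that matters here: an embeddable widget such as a ‘Like’ button has to allow every origin to frame it, so headers cannot protect it and the site must fall back on behavioural detection of the kind described later in this paper.

```javascript
// Added example (not from the paper): decide whether a page's anti-framing
// headers stop an attacker origin from loading it in an <iframe>.

// Return the frame-ancestors source list from a CSP header, or null if absent.
function parseFrameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0] && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.replace(/^'|'$/g, '').toLowerCase());
    }
  }
  return null;
}

// Does one CSP source expression ('self', 'none', scheme:, host or *.host) admit `origin`?
function sourceMatches(source, origin, pageOrigin) {
  if (source === 'none') return false;
  if (source === 'self') return origin === pageOrigin;
  if (source === '*') return true;
  const o = new URL(origin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return o.protocol === source; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::\d+)?$/.exec(source);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && o.protocol !== scheme + ':') return false;
  if (host.startsWith('*.')) {
    const suffix = host.slice(1); // ".partner.example"
    return o.hostname.endsWith(suffix) && o.hostname.length > suffix.length;
  }
  return o.hostname === host;
}

// CSP frame-ancestors, when present, overrides X-Frame-Options.
function canBeFramedBy(headers, pageOrigin, attackerOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors) return ancestors.some((s) => sourceMatches(s, attackerOrigin, pageOrigin));
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return attackerOrigin === pageOrigin;
  // No header, an unknown value, or the obsolete ALLOW-FROM (ignored by current
  // browsers): nothing stops the attacker's page from framing this one.
  return true;
}

// Constructed header sets and origins (not taken from any real site).
function demo() {
  const page = 'https://www.example.com';
  const evil = 'https://evil.example';
  const partnerCsp = "default-src 'self'; frame-ancestors 'self' https://*.partner.example";
  return {
    none: canBeFramedBy({}, page, evil),
    deny: canBeFramedBy({ 'X-Frame-Options': 'DENY' }, page, evil),
    cspStrict: canBeFramedBy({ 'Content-Security-Policy': partnerCsp }, page, evil),
    cspPartner: canBeFramedBy({ 'Content-Security-Policy': partnerCsp }, page, 'https://widgets.partner.example'),
    cspOverridesXfo: canBeFramedBy(
      { 'X-Frame-Options': 'SAMEORIGIN', 'Content-Security-Policy': "frame-ancestors 'none'" }, page, page),
    // An embeddable social widget must allow every origin: headers cannot protect it.
    widget: canBeFramedBy({ 'Content-Security-Policy': 'frame-ancestors *' }, page, evil),
  };
}
```

Run `demo()` to see which of the constructed header sets leave the page frameable by `https://evil.example`; only the `widget` case and the header-less case come back `true`, which is exactly the position a ‘Like’ or ‘Publish’ button is in by design.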

Scam and spam messages on Facebook

Facebook has also become the target of scammers and spammers. Unethical and illegal advertisers have predictably taken advantage of the large number of Facebook users. One method of scam and spam has spread on Facebook through a manual cross-site scripting (XSS) attack (also called a self-XSS attack). The concept of XSS is not new, but the interesting thing here is that no flaw in the site is needed: the social engineering convinces the user to paste the malicious script into the browser address bar, where it runs in the user’s own logged-in Facebook session with that user’s privileges. The topics were varied [12, 13]:

• Promises of 500 free Facebook credits (something that does not exist)

• An application to see who had been viewing a user profile

• Video of Osama Bin Laden’s assassination.

These all led to pages with instructions such as these:

Just follow these 3 steps:

1. Copy this code (highlight and press CTRL-C):

javascript:(a=(b=document).createElement('script')).src='//[omitted]/f.js',b.body.appendChild(a);void(0)

2. Delete the actual address from the url field in your browser and paste the code instead.

3. Press Enter and wait for a bit, it can take up to a minute to complete.

That’s it!

If you are having trouble with these instructions, try viewing the instructions here: http://[omitted].info/?sg2lq

it’s where I learned it

Attackers even provided step by step image guides showing how to perform the self-XSS attack, as shown in Figures 5 and 6.

It is quite remarkable that there are users who fall for scams which require them to manually copy and paste code into their browser’s address bar. Once the code has been pasted as per the instructions, the user is redirected to a ‘survey page’. This is an affiliate link through which rogue affiliates earn money for bringing users to partner sites. At the end of the survey page, a user ends up viewing ads that are not really related to the subject of the link that they originally clicked. Most of these focus on methods to earn easy money, earn points/credits, view gossip or the latest news and events, and others. Because the pasted script runs inside the user’s authenticated Facebook session, it also sends the scam messages through almost every means of reaching a victim’s friends: chat, wall posts, status updates, event invitations and private messages. It also makes use of shortened URLs in order to avoid immediate suspicion from users.

Figure 7 shows an example of a fake event invitation. Notice that the subject is ‘Official App: See Who has Viewed your Profile? Find out here! [bad shortened link]’. Many users will notice that this doesn’t really sound like an ‘event’, but the idea is to catch the user’s attention and draw them into following the link.

An example of spam code shown in Figure 8 illustrates how the messages continue to spread widely. The code uses an obfuscation technique to hide its routine: the strings and function names it needs are stored, encoded, in an array variable – in this sample, var _0xb65 – and referenced by index. Looking at the rest of the code gives a clue to its real purpose, since it uses the XMLHttpRequest API, which sends HTTP or HTTPS requests directly to a web server; issued from inside the victim’s logged-in page, such requests carry the victim’s session.

Figure 3: Clickjack sample using IFrame tag (1).

Figure 4: Clickjack sample using IFrame tag (2).

Figure 5: Self-XSS instruction to users (1).

Figure 6: Self-XSS instruction to users (2).

Decoding the variable _0xb65 reveals what the routine is all about (Figure 9).

Once the script is executed, messages are sent to the victim’s friends with text taken from the variable settings in the code, as shown in the additional code in Figure 10. Aside from posting a message, the script also comments on the posted message and ‘likes’ the post it created.

Figure 11 shows how the resulting post, comment and message will look.
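The string-array obfuscation described above for the spam script (and for the remote f.js that the self-XSS instructions load) is mechanical, and undoing it is the first step an analyst takes before reading what the script posts. The following deobfuscator is an added example written for this page; it is not code from the paper, and the obfuscated snippet it runs on is constructed in the style the paper describes, not the real sample behind Figure 8. It decodes the hex-escaped string table, substitutes each `_0xb65[n]` reference with the recovered literal, and turns `obj["prop"]` back into `obj.prop` so that calls such as `window["XMLHttpRequest"]` read naturally again.

```javascript
// Added example (not from the paper): reverse the string-array obfuscation in
// which every literal is hoisted into one array of hex-escaped strings
// (var _0xb65 = ["\x73\x65\x6E\x64", ...]) and each use becomes _0xb65[n].

// Decode the escape sequences that may appear inside a JavaScript string literal.
function decodeEscapes(body) {
  const simple = { n: '\n', r: '\r', t: '\t', b: '\b', f: '\f', v: '\v' };
  return body.replace(
    /\\(x[0-9A-Fa-f]{2}|u[0-9A-Fa-f]{4}|[0-7]{1,3}|[^xu0-7])/g,
    (whole, esc) => {
      if (esc[0] === 'x' || esc[0] === 'u') return String.fromCharCode(parseInt(esc.slice(1), 16));
      if (/^[0-7]/.test(esc)) return String.fromCharCode(parseInt(esc, 8));
      return esc in simple ? simple[esc] : esc; // \" \' \\ and friends
    },
  );
}

// Locate the first `var NAME = [ "...", "...", ... ];` declaration (the string
// table) and return its name, decoded strings and source span. Assumes the
// table is the first array literal assigned with `var`, as in the paper's sample.
function extractStringArray(src) {
  const decl = /var\s+([A-Za-z_$][\w$]*)\s*=\s*\[([\s\S]*?)\]\s*;/.exec(src);
  if (!decl) return null;
  const strings = [];
  const literal = /"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'/g;
  let m;
  while ((m = literal.exec(decl[2])) !== null) {
    strings.push(decodeEscapes(m[1] !== undefined ? m[1] : m[2]));
  }
  return { name: decl[1], strings, start: decl.index, end: decl.index + decl[0].length };
}

// Remove the string table and replace every NAME[<n>] with the decoded literal.
// A second pass rewrites obj["prop"] as obj.prop where the key is an identifier.
function deobfuscate(src) {
  const table = extractStringArray(src);
  if (!table) return src;
  const ref = new RegExp(table.name.replace(/\$/g, '\\$&') + '\\[(\\d+)\\]', 'g');
  const body = src.slice(0, table.start) + src.slice(table.end);
  return body
    .replace(ref, (whole, idx) =>
      Number(idx) < table.strings.length ? JSON.stringify(table.strings[Number(idx)]) : whole)
    .replace(/\["([A-Za-z_$][\w$]*)"\]/g, '.$1')
    .trim();
}

// Constructed sample in the style the paper describes; not the actual spam script.
// "\\x6F" in this source is the two characters \x6F inside the sample text.
const SAMPLE = [
  'var _0xb65=["\\x6F\\x70\\x65\\x6E","\\x50\\x4F\\x53\\x54","\\x2F\\x61\\x6A\\x61\\x78\\x2F\\x73\\x65\\x6E\\x64",' +
    '"\\x73\\x65\\x6E\\x64","\\x58\\x4D\\x4C\\x48\\x74\\x74\\x70\\x52\\x65\\x71\\x75\\x65\\x73\\x74"];',
  'var req=new window[_0xb65[4]]();',
  'req[_0xb65[0]](_0xb65[1],_0xb65[2],false);',
  'req[_0xb65[3]](body);',
].join('\n');

function demo() {
  return deobfuscate(SAMPLE);
}
```

`demo()` returns the three readable lines that the constructed sample hides: an XMLHttpRequest is created, opened with `POST` against a relative path, and sent, which is the pattern the paper points to as the clue to the script's purpose. The regular expressions are deliberately simple; a string table containing a raw `];` or a script that reassigns the table would need a real parser.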

Figure 8: JavaScript spam code (1).

Figure 9: JavaScript spam code (2).

Figure 10: JavaScript spam code (3).

Figure 7: Fake Facebook event invitation.


Figure 11: Resulting post made by the spam code.

Money-mule and credit card scams

Money-mule scams have also made their way into Facebook. As with other platforms, scammers attract people with promises of easy money. Money-mule recruitment usually starts with Facebook groups (which can be started by any Facebook user). These groups often attract large followings because people do not know what they are getting into [14].

Other frauds have also appeared, such as credit card scams. These start with messages designed to attract users by proposing ‘money-making jobs’, or books about ‘how to earn big money’, ‘how to win the Lotto’, or ‘guides on how to be attractive’. The example in Figures 12 and 13 shows the first part of such an attack using an ‘easy money making’ Facebook group. Some of the posts on the group’s wall are products being sold, relating to books for winning the Lotto or attracting women (Figures 14 and 15).

Figure 12: Scam group page sample (1).

Figure 13: Scam group page sample (2).

Figure 14: Scam post sample (1).

Figure 15: Scam post sample (2).

Following the links leads to the sites shown in Figures 16 and 17, enticing users by promising results as well as a discount when they buy the product.

Figure 16: Scam post advertisement sample (1).

Figure 17: Scam post advertisement sample (2).

Once a user accepts the offer, the payment is made via a credit card transaction as shown in Figures 18 and 19.

Figure 18: Payment scam sample (1).

Figure 19: Payment scam sample (2).


Complaints posted on complaintsboard.com indicate that the site is a fraud or scam (Figure 20).

Figure 20: Complaintsboard complaint comments.

Fake email notifications – more scam, spam and malware attachments

Spammers promoting pharmaceutical products have also used Facebook as an opportunity. Fake Facebook email notifications trick users into clicking links leading to online pharmacy sites [15]. An example of a fake email notification is shown in Figure 21.

Figure 21: Fake Facebook email notification leading to online pharmacy site.

Following the link leads to the pharmaceutical store page shown in Figure 22.

Figure 22: Pharmaceutical store page.

Lottery scams have also been very common, using fake email notifications describing surprise lottery wins such as the ‘Facebook Africa Jackpot Promo’ shown in Figure 23 [16].

Figure 23: Facebook lottery email scam.

Figure 24: Fake Facebook email password notification (1).

Figure 25: Fake Facebook email password notification (2).

Figure 26: Fake Facebook email password notification (3).


The email has all the signs of an advance fee fraud scam, promising a huge sum of money, requesting detailed personal information, and requiring secrecy.

Malware writers have also taken advantage of fake Facebook email notifications. Emails include subjects relating to ‘Facebook Abuse Department’, ‘Facebook Security’ and others (Figure 24).

In the examples shown in Figures 25 and 26, variants of the malware detected as Oficla (aka Bredolab) are sent as attachments with the email describing a password reset due to spam. Subjects include ‘Spam from your account’.

The attachment names include ‘Attached_SecurityCode.exe’, ‘Facebook_DOCUMENT.EXE’ and ‘Facebook_PASSWORD.EXE’. These are all malware executables that use misleading file icons in addition to their misleading file names. The use of trusted icons is a common social engineering tactic to trick a user into executing the malware file. Below are examples of the Oficla executables with misleading filenames and icons:

Figure 27: Oficla attachment file (1).

Figure 28: Oficla attachment file (2).
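A misleading icon is invisible to any check that looks only at the filename, which is why a mail gateway or download scanner sniffs the content as well. The following is an added example, not code from the paper or from any product: it assesses an attachment by its name (executable and double extensions) and by its first bytes (an MZ stub whose `e_lfanew` field points at a valid `PE\0\0` signature is a Windows executable whatever the name claims), and it flags a brand name in the filename as a lure without treating it as conclusive. It covers both the Oficla attachments above and the Koobface and Palevo droppers from earlier in the paper (‘codecsetup.exe’, ‘Facebook-pic000751357.exe’). All sample names and bytes are constructed.

```javascript
// Added example (not from the paper): name and content checks for mail attachments.

const EXECUTABLE_EXT = new Set(['exe', 'scr', 'com', 'pif', 'bat', 'cmd', 'js', 'jse', 'vbs', 'vbe', 'wsf', 'hta', 'msi', 'dll', 'lnk']);
// Magic numbers for the document and image types an attachment usually claims to be.
const MAGIC = [
  { type: 'pdf', bytes: [0x25, 0x50, 0x44, 0x46] }, // %PDF
  { type: 'jpeg', bytes: [0xff, 0xd8, 0xff] },
  { type: 'png', bytes: [0x89, 0x50, 0x4e, 0x47] },
  { type: 'zip', bytes: [0x50, 0x4b, 0x03, 0x04] }, // also docx/xlsx/jar
];
const EXT_TYPES = { pdf: 'pdf', jpg: 'jpeg', jpeg: 'jpeg', png: 'png', zip: 'zip', docx: 'zip', xlsx: 'zip', exe: 'pe', dll: 'pe', scr: 'pe' };

// MZ stub plus the "PE\0\0" signature at the offset stored in e_lfanew (0x3C).
function looksLikePe(buf) {
  if (buf.length < 0x40 || buf[0] !== 0x4d || buf[1] !== 0x5a) return false;
  const peOffset = buf.readUInt32LE(0x3c);
  return buf.length >= peOffset + 4 &&
    buf[peOffset] === 0x50 && buf[peOffset + 1] === 0x45 &&
    buf[peOffset + 2] === 0 && buf[peOffset + 3] === 0;
}

function sniffType(buf) {
  if (looksLikePe(buf)) return 'pe';
  for (const m of MAGIC) {
    if (buf.length >= m.bytes.length && m.bytes.every((b, i) => buf[i] === b)) return m.type;
  }
  return 'unknown';
}

function assessAttachment(name, buf) {
  const reasons = [];
  const parts = name.toLowerCase().split('.');
  const ext = parts.length > 1 ? parts[parts.length - 1] : '';
  const sniffed = sniffType(buf);
  if (EXECUTABLE_EXT.has(ext)) reasons.push('executable extension .' + ext);
  if (parts.length > 2 && EXECUTABLE_EXT.has(ext)) reasons.push('double extension hides the real type');
  if (sniffed === 'pe' && !EXECUTABLE_EXT.has(ext)) reasons.push('Windows executable content behind a non-executable name');
  if (EXT_TYPES[ext] && sniffed !== 'unknown' && EXT_TYPES[ext] !== sniffed) {
    reasons.push(`content is ${sniffed} but name claims .${ext}`);
  }
  // A brand name in the filename is a typical lure but not conclusive on its own.
  const notes = /facebook/i.test(name) ? ['brand name in filename'] : [];
  return { verdict: reasons.length ? 'block' : 'allow', reasons, notes };
}

// Constructed minimal PE-shaped buffer: MZ stub, e_lfanew = 0x40, "PE\0\0" at 0x40.
function fakePe() {
  const b = Buffer.alloc(0x44);
  b[0] = 0x4d; b[1] = 0x5a;       // "MZ"
  b.writeUInt32LE(0x40, 0x3c);    // e_lfanew
  b[0x40] = 0x50; b[0x41] = 0x45; // "PE", followed by two zero bytes
  return b;
}

// Constructed samples; the first two reuse filename patterns quoted in the paper.
const SAMPLES = [
  { name: 'Facebook_PASSWORD.EXE', bytes: fakePe() },
  { name: 'Facebook-pic000751357.exe', bytes: fakePe() },
  { name: 'Facebook_photo.jpg', bytes: fakePe() }, // executable wearing a picture name
  { name: 'statement.pdf.exe', bytes: fakePe() },
  { name: 'report.pdf', bytes: Buffer.from('%PDF-1.4\n', 'latin1') },
  { name: 'notes.txt', bytes: Buffer.from('plain text', 'latin1') },
];

function reviewAll() {
  return SAMPLES.map((s) => ({ name: s.name, ...assessAttachment(s.name, s.bytes) }));
}
```

`reviewAll()` blocks the four executables, including the one named like a JPEG, and allows the PDF and the text file. The icon trick itself never reaches the gateway, since the icon lives inside the executable's resources; sniffing the MZ/PE structure is what catches the file regardless of how it is dressed up.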

Phishing

Genuine Facebook user accounts are very valuable for cybercriminals since they provide them with access to a trusting network of friends. Facebook users have therefore become a natural target for phishers. Many fake pages have been launched (fed from fake email notifi cations) in order to steal users’ login information. Cybercriminals can then use these stolen accounts for many of the malicious purposes described in this paper. Attackers have become skilled at mimicking the actual Facebook login page, as in the example shown in Figure 29 [17].

Figure 29: Facebook phishing page sample.

According to PhishTank.com statistics [18], Facebook has consistently been among the top 10 sites targeted by phishing. From September 2009 until March 2011, 11,211 phishing attempts against Facebook were recorded (Figure 30).
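A phishing page can copy the Facebook login form pixel for pixel, so the only reliable difference is the address it is served from. The following added example, not code from the paper or from PhishTank, classifies a candidate login URL against the legitimate domain: it accepts `facebook.com` and its subdomains, and flags the brand embedded in another domain (‘facebook.com.secure-login.example’), the brand used as part of a label (‘facebook-login.example’), a registrable domain within two edits of the real one (‘faceb00k.com’), punycode labels, and a login form served over plain HTTP. Registrable domain is approximated as the last two labels; a production check would use the Public Suffix List. All hostnames are constructed.

```javascript
// Added example (not from the paper): classify a login URL as legitimate,
// a look-alike of the legitimate domain, or unrelated.

function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return prev[b.length];
}

function classifyLoginUrl(urlString, legitDomain = 'facebook.com') {
  const u = new URL(urlString);
  const host = u.hostname.replace(/\.$/, '');
  const https = u.protocol === 'https:';
  if (host === legitDomain || host.endsWith('.' + legitDomain)) {
    return { verdict: https ? 'legitimate' : 'legitimate-but-http', host, reasons: [] };
  }
  const reasons = [];
  const labels = host.split('.');
  const brand = legitDomain.split('.')[0];
  // Naive registrable domain (last two labels); fine for .com/.example,
  // wrong for co.uk-style suffixes, which need the Public Suffix List.
  const registrable = labels.slice(-2).join('.');
  if (host.includes(legitDomain)) {
    reasons.push('legitimate domain embedded as a subdomain of ' + registrable);
  } else if (labels.some((l) => l.includes(brand))) {
    reasons.push('brand name used in a label of ' + registrable);
  }
  const d = levenshtein(registrable, legitDomain);
  if (d > 0 && d <= 2) reasons.push(`registrable domain is ${d} edit(s) from ${legitDomain}`);
  if (labels.some((l) => l.startsWith('xn--'))) reasons.push('punycode label: possible homograph');
  const related = reasons.length > 0;
  if (!https) reasons.push('login page not served over HTTPS');
  return { verdict: related ? 'suspicious' : 'unrelated', host, reasons };
}

// Constructed URLs exercising each branch.
const SAMPLE_URLS = [
  'https://www.facebook.com/login.php',
  'http://facebook.com.secure-login.example/login.php',
  'https://facebook-login.example/',
  'https://faceb00k.com/login',
  'https://example.com/',
];

function demo() {
  return SAMPLE_URLS.map((url) => classifyLoginUrl(url));
}
```

`demo()` marks the first URL legitimate, the next three suspicious (with the reason for each), and the last unrelated. The edit-distance check is what catches typo-squats that neither contain the brand string nor share a suffix with it.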

Fake applications

Many Facebook users enjoy Facebook applications and games that exist within the social network such as FarmVille and CityVille, and attackers have also taken advantage of this functionality. The problem with applications on Facebook is that they have the ability to access some or all of the user’s profile information. Rogue applications can therefore post messages on a friend’s wall, send messages, and even extract information from user profiles to be used for any malicious purpose. Attackers usually use catchy subjects such as ‘who viewed your profile’. A further issue is that the verification process for application writers is relatively simple.

PREVENTIVE MEASURES

Prevention is always better than cure. The trusted network nature of Facebook has made some cybercrime much easier. On the other hand, Facebook has improved its security measures and settings to protect its users. These measures have included partnerships with security organizations to help improve the site’s security tools. Although these systems are not perfect, they are worth noting as they do contribute to user security.

Spam, scam and clickjack prevention systems

Facebook has implemented security checks in order to protect users from phishing attacks. In the example in Figure 31 it was able to detect an attempt to log in from a page outside Facebook. When a user tries to visit a page that does not belong to Facebook but requires a Facebook login, the following warning message appears:

Figure 31: Security notice from a login attempt outside Facebook.

Figure 30: Facebook phishing sites statistics.


In the example in Figure 32, the mechanisms were also able to detect a suspicious phishing site that used a shortened URL. An example of a warning message is shown.

Figure 32: Facebook suspicious link warning.

In some cases, Facebook security tools are able to check and prevent spammers and scammers from creating fake user accounts. Examples of some of these security checks are shown below:

Figure 33: Account security check (1).

Figure 34: Account security check (2).

Figure 35: Account security check (3).

CAPTCHA verification is designed to prevent automated account creation. When a CAPTCHA appears, the user can optionally verify the account in order to avoid CAPTCHA challenges in the future; this verification requires a phone number. These checks are helpful, but they raise the issue of user privacy and the sharing of sensitive information. Security check messages may also pop up in some cases when clicking the ‘Like’ button on certain group pages.

Facebook has automated the detection of suspicious ‘like’ behaviour, which can prevent a clickjacking attack. This is good on some level, however, in cases where the behavioural pattern of a clickjacking attack changes, then chances are that new attacks might slip through [19].

Facebook has also automated detection and blocking of suspicious content including giving warnings why certain content has been blocked. Using information from user reports and common patterns of spam and scam behaviour they have been able to prevent users from opening and accessing malicious content [20]. However, spam writers continually try to evade spam detection systems. For instance, one script included the following code:

Figure 36: JavaScript spam code.

A common indicator of a spammer account is of course the large number of messages sent. In the code above, the variable nfriends is actually the number of friends the spam and scam messages will be sent to. Although it seems strange that messages are sent to only 15 of the victim’s friends (as opposed to all the victim’s friends), this is one way of trying to avoid detection based on the volume of sent messages. In addition, in order to avoid detection based on message content, the encoding of some characters of the words inside the message body has been altered.
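Both evasions above have a direct answer on the detection side. The following added example, not code from the paper or from Facebook, shows detection logic for them: each outgoing message is normalised (NFKC folding, zero-width characters removed, Cyrillic and Greek look-alike letters mapped to Latin, URLs collapsed to a placeholder) so that encoding-altered variants fold into one template, and distinct recipients per sender and template are counted over a sliding time window, so that several runs capped at `nfriends = 15` still add up. The event log is constructed; the homoglyph table is a small starting set and would be extended from real samples.

```javascript
// Added example (not from the paper): content normalisation plus fan-out
// counting to catch low-volume, encoding-altered spam runs.

const ZERO_WIDTH = /[\u200B-\u200D\u2060\uFEFF\u00AD]/g;
// Cyrillic and Greek letters that render like Latin ones (constructed starter table).
const HOMOGLYPHS = {
  '\u0430': 'a', '\u0435': 'e', '\u043E': 'o', '\u0440': 'p', '\u0441': 'c', '\u0443': 'y',
  '\u0445': 'x', '\u0456': 'i', '\u0458': 'j', '\u0455': 's', '\u04BB': 'h', '\u0501': 'd',
  '\u03BF': 'o', '\u03BD': 'v', '\u03B1': 'a',
};

function normalizeMessage(text) {
  const folded = text.normalize('NFKC').replace(ZERO_WIDTH, '').toLowerCase();
  const latin = Array.from(folded, (ch) => HOMOGLYPHS[ch] || ch).join('');
  return latin
    .replace(/https?:\/\/\S+/g, '<url>') // shortened URLs differ per message
    .replace(/[^a-z0-9<> ]+/g, ' ')
    .replace(/\s+/g, ' ')
    .trim();
}

// events: [{ sender, recipient, ts (seconds), text }]. Returns sender+template
// pairs whose distinct recipients inside any window of windowSeconds reach threshold.
function fanOutReport(events, windowSeconds, threshold) {
  const groups = new Map();
  for (const e of events) {
    const key = e.sender + '\u0000' + normalizeMessage(e.text);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(e);
  }
  const flagged = [];
  for (const [key, list] of groups) {
    list.sort((a, b) => a.ts - b.ts);
    const inWindow = new Map(); // recipient -> messages to them inside the window
    let lo = 0;
    let peak = 0;
    for (let hi = 0; hi < list.length; hi++) {
      inWindow.set(list[hi].recipient, (inWindow.get(list[hi].recipient) || 0) + 1);
      while (list[hi].ts - list[lo].ts > windowSeconds) {
        const r = list[lo].recipient;
        if (inWindow.get(r) === 1) inWindow.delete(r); else inWindow.set(r, inWindow.get(r) - 1);
        lo++;
      }
      peak = Math.max(peak, inWindow.size);
    }
    if (peak >= threshold) {
      const [sender, template] = key.split('\u0000');
      flagged.push({ sender, template, recipients: peak });
    }
  }
  return flagged;
}

// Constructed log: two bursts of 15 an hour apart (each under a per-run threshold
// of 20) with the body varied by Cyrillic letters, a zero-width space and fullwidth
// characters, plus a benign sender.
function buildSampleEvents() {
  const variants = [
    'OMG see who viewed your profile! http://sho.rt/a1',
    'OMG see wh\u043E viewed your pr\u043Efile! http://sho.rt/b2',
    'OMG see who viewed your pro\u200Bfile! http://sho.rt/c3',
    '\uFF2F\uFF2D\uFF27 see who viewed your profile! http://sho.rt/d4',
  ];
  const events = [];
  for (let burst = 0; burst < 2; burst++) {
    for (let i = 0; i < 15; i++) {
      events.push({
        sender: 'spammer',
        recipient: 'friend' + (burst * 15 + i),
        ts: burst * 3600 + i,
        text: variants[i % variants.length],
      });
    }
  }
  events.push({ sender: 'alice', recipient: 'bob', ts: 10, text: 'Lunch tomorrow?' });
  events.push({ sender: 'alice', recipient: 'carol', ts: 20, text: 'Lunch tomorrow?' });
  return events;
}
```

With a two-hour window and a threshold of 20, `fanOutReport(buildSampleEvents(), 7200, 20)` flags the spammer with 30 distinct recipients under a single normalised template; with a 60-second window it flags nothing, which is exactly the gap the 15-friend cap is designed to exploit.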

Facebook apps

As described above, malicious apps have access to the user’s profile information and can take control of some actions such as posting on walls. As of this writing, an app creator must first verify an account by supplying a phone number or credit card number. The image below shows the verification pop-up window:

Figure 37: Facebook verification on application creation.

This is helpful to a degree. After supplying the information, an application can be created for the Facebook platform. The problem here is that, once the account has been verified, the developer can instantly publish any application without any approval from the Facebook team. Therefore, any malware writer can write an application on the platform and publish it without going through any security check.

Facebook security settings

Facebook has enabled secure browsing by implementing HTTPS on its platform. This adds protection and prevents anyone listening on the network from capturing credentials and session cookies in transit – especially when a user logs in from a public place such as a coffee shop or library. However, this security option is not enabled by default.


Figure 38: Facebook HTTPS browsing setting.

Another security tool is the Facebook activity monitor that enables remote logout. A user can see the latest activities in his account by checking the Account Settings which include an indication that the account is active through a different location or device. The screen below shows a single account signed in on different computers. The user may end any active login from a different computer or location that he is not aware of. This is helpful in tracking if someone else is using an account.

Figure 39: Facebook activity monitor.

Facebook security and safety page

Educating users about Internet safety is another important preventive measure – particularly since most of the attacks rely on social engineering. The Facebook security page provides:

• Information such as how to protect a user account, and how to take action when an account has been compromised and used for sending scams or spam.

• Information about the threats that a user may encounter on Facebook and helpful tips to avoid scams, spams, hacks and malware that may be spreading on the platform.

• A way of reporting a possible security vulnerability allowing Facebook to work on improving security measures.

• A safety page that explains Facebook as a community in which everyone has a shared responsibility of keeping it as a safe environment. This gives an insight for parents, teens and teachers who are using Facebook and helps them understand the environment as well.

Security blogs

There continue to be numerous blog posts written about Facebook threats. Commtouch’s security blog and those of other anti-virus companies can enlighten customers about new threats that are found on the social network. Many of these blogs are very illustrative and informative, allowing users to easily understand, and be aware of, the types of threats they might encounter on Facebook. These also provide tips on strengthening security and account settings.

DEFENSIVE MEASURES

Facebook generally blocks known malicious content or pages that are reported to it. Facebook reporting tools include links such as ‘Mark as Spam’ and ‘Report/Block this Person’.

Another defence available to end-users is a locally installed security product, such as URL and spam filtering software, and an anti-virus product. Anti-virus firms have also responded to the new threats by ensuring detection of new variants of Facebook worms, Oficla, and the increasing number of malicious scripts used for spamming. At the same time, security groups have created their own Facebook pages for users to view the latest threats, including advice about how to remain secure and protected. Several companies have also released software specifically for Facebook.

CONCLUSION

As it has gained in popularity, Facebook has also been increasingly used for malicious purposes, and its name, functionality and features have been widely exploited. The security industry is continually working to keep pace with new cybercriminal tricks on Facebook. In addition, Facebook has taken several steps to protect its users while working with security groups in order to improve its defence systems and the security tools on the platform.

As shown by the many examples above, attackers employ numerous social engineering tactics to help spread malware, scams and spam. Indeed, the key security problem with Facebook lies in the trusted nature of friend connections which are so easy to exploit with social engineering. Education of users is therefore a key part of enhancing Facebook security.

ACKNOWLEDGEMENTS

I would like to express my sincere gratitude to Commtouch VirusLab and to the hands of the people that God used to make the completion of this paper possible: Robert Sandilands, Rommel Ramos, Avi Turiel, Rebecca Herson, Catherine Lor and Jinky Suarez. And whatsoever ye do, do it heartily, as to the Lord, and not unto men; – Colossians 3:23.

REFERENCES

[1] http://www.socialbakers.com/Facebook-statistics/?interval=last-week#chart-intervals.

[2] http://www.Facebook.com/press/info.php?statistics.

[3] http://www.onlineschools.org/blog/Facebook-obsession/.

[4] http://blog.Facebook.com/blog.php?post=68886667130.

[5] http://www.kaspersky.com/news?id=207575670.

[6] Commtouch Trend Report 2010 Q4. http://www.commtouch.com/download/1934.


[7] http://blog.commtouch.com/cafe/malware/malware-spread-via-Facebook-chat/.

[8] http://nakedsecurity.sophos.com/2011/01/09/Facebook-photo-album-chat-messages-spreading-koobface-worm/.

[9] http://www.f-secure.com/weblog/archives/00001955.html.

[10] http://athansj.blogspot.com/2011/03/Facebook-likejacking-attack.html.

[11] http://nakedsecurity.sophos.com/2011/04/30/Facebook-comment-jacking-omg-i-cant-believe-justin-bieber-did-this-to-a-girl/.

[12] http://blog.commtouch.com/cafe/malware/500-free-credits-from-Facebook-%E2%80%93-malware/#disqus_thread.

[13] http://blog.commtouch.com/cafe/malware/%E2%80%9Cosama-bin-laden-dead-%E2%80%93-actual-video%E2%80%9D-new-Facebook-malware/.

[14] http://www.thenewnewinternet.com/2010/06/01/Facebook-used-to-find-money-mules/.

[15] http://blog.commtouch.com/cafe/spam-favorites/spammers-vote-Facebook-%E2%80%93-%E2%80%9Capplication-of-the-year%E2%80%9D/.

[16] http://blog.commtouch.com/cafe/anti-scam/harry-potters-magic-money-foundation-and-more/.

[17] http://blog.commtouch.com/cafe/phishing/avoiding-Facebook-phishing/.

[18] http://www.phishtank.com/stats.php.

[19] http://nakedsecurity.sophos.com/2011/03/30/Facebook-adds-speed-bump-to-slow-down-likejackers/.

[20] http://blog.Facebook.com/blog.php?post=403200567130 (spam prevention systems).

[21] http://www.securelist.com/en/blog/208187962/Facebook_money_mule_or_credit_card.

[22] http://en.wikipedia.org/wiki/Clickjacking.

[23] http://www.personalizemedia.com/the-count/.

[24] http://www.Facebook.com/security.

[25] http://www.Facebook.com/blog.php?post=486790652130.

[26] http://blog.Facebook.com/blog.php?post=436800707130.

[27] http://blog.Facebook.com/blog.php?post=389991097130.