There’s a very nasty little infection spreading through Facebook…
No one yet knows if it’s a standard-issue click-jack attack (which we see all the time) or a server level attack by the group that promised to destroy Facebook 2 weeks ago.
It will cause the accounts of infected individuals to auto-publish extreme pornography, animal brutality and violence into your stream… right in front of your eyes (and potentially those of your children).
This does not appear to be the “usual” porn-auto-posting infection that has made the rounds before and is a lot less brutal.
At the moment the best you can do is treat it as a standard click-jack attack and remember that you should NEVER touch links that are suspicious (which is actually a lot more than the average person believes).
I would also use extreme care, if you SEE these photos in your stream, to not click them! (I hope that goes without saying, but I’m saying it.) Curious children could easily infect their own account.
Following those basic guidelines is still keeping most relatively safe but as we all know the general public doesn’t “get that”.
Facebook is aware of this and is actively trying to put a stop to it (this is not as easy as it sounds).
If you see an account (a friend) publishing this stuff, be sure you contact them directly, NOT as a reply to the infected post, and let them know they need to enable HTTPS for Facebook and to change their FB password.
Some additional information: http://nakedsecurity.sophos.com/2011/11/15/facebook-hardcore-porn-violence-and-animal-abuse-images/
Here’s six signs a link on Facebook is Infected to help you get a “feel” for common red flags (most also apply to twitter etc).
Be safe! And please spread the word!
Taking The Headaches Out of Internet Marketing
PS: [FollowUp] It turns out that this was one of the types of hijackings we see that ask users to copy-paste a string of code into their browser bars. Generally this is to “get something cool”. Let me be clear here, with very few notable exceptions (one is the select all friends script), that is always HIGHLY dangerous. If you are ever asked to copy paste code stuff into your URL field, run away!