Why is Facebook unable to stop a wave of trojan infections through Facebook ads?
38 points by Fischgericht on Feb 29, 2024 | hide | past | favorite | 21 comments
I am currently getting my Facebook feed flooded with "ads" that claim to be coming from OpenAI and/or Midjourney. These "ads" claim to contain a "private release" of their new AI technology (Sora and others), and ask the user to follow a link.

That link directly goes to a Google Drive, containing a single RAR file, containing an "Installer". Of course the installer really is a trojan infecting your PC.

How on earth can Facebook be unable to filter this? How can it even be possible to post an ad with Facebook containing a link to a Google Drive? Don't they do ANY validation of ownership of link targets? On Google Ads, for example, you cannot link to any domain you haven't proven ownership of.

This is not rocket science. I am not even asking Facebook to run a virus scanner on link targets. But how about disallowing links to Google Drives, or direct links to downloads in general?

Also, how is it possible that Facebook does not do ANY checks on registered trademarks when "advertisers" create accounts? How is it possible that scammers can create account names like "Amazon", "OpenAI" etc? How hard can it be to look up account names in a database of registered brand names?

Just today I have reported five of those "ads" to Facebook, but they keep popping up.

I am flabbergasted that it is SO easy to abuse Facebook to mass-infect users.

Does anyone have any contact to alert anyone with competence at Facebook? Just reporting those ads one by one won't change anything.
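The checks the post asks for (ownership of the link target, no file-sharing hosts or direct downloads, advertiser names screened against protected brands) sketched as an ad-submission policy filter. This is an added example, not Facebook's or Google's code; the host list, extension list, brand list and the `verified_domains` ownership map are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed lists for this example; a real platform would maintain these centrally.
FILE_SHARING_HOSTS = {"drive.google.com", "docs.google.com", "dropbox.com", "mega.nz", "mediafire.com"}
DOWNLOAD_EXTENSIONS = (".rar", ".zip", ".7z", ".exe", ".msi", ".scr", ".bat")
PROTECTED_BRANDS = {"openai", "midjourney", "amazon"}


def normalize_name(name):
    # Collapse case, spacing and punctuation, then undo common digit-for-letter swaps
    # so "0pen AI" and "Open-AI" both reduce to "openai".
    table = str.maketrans("013", "oie")
    return re.sub(r"[^a-z0-9]", "", name.lower()).translate(table)


def host_of(url):
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def host_matches(host, listed):
    # Exact match or subdomain of the listed domain.
    return host == listed or host.endswith("." + listed)


def check_ad(advertiser_name, landing_url, verified_domains):
    """Return policy findings for one ad submission (empty list = passes these checks).

    verified_domains maps a domain the advertiser has proven ownership of -> owner name.
    """
    findings = []
    parsed = urlparse(landing_url)
    host = host_of(landing_url)
    if parsed.scheme not in ("http", "https") or not host:
        return ["landing_url_not_http"]
    if any(host_matches(host, h) for h in FILE_SHARING_HOSTS):
        findings.append("landing_url_is_file_sharing_host")
    if parsed.path.lower().endswith(DOWNLOAD_EXTENSIONS):
        findings.append("landing_url_is_direct_download")
    owner = next((o for d, o in verified_domains.items() if host_matches(host, d)), None)
    if owner is None:
        findings.append("landing_domain_ownership_unverified")
    # Brand screening: a name that hits a protected brand is only acceptable when the
    # verified owner of the landing domain is that brand.
    name_norm = normalize_name(advertiser_name)
    owner_norm = normalize_name(owner or "")
    for brand in sorted(PROTECTED_BRANDS):
        if brand in name_norm and brand not in owner_norm:
            findings.append("brand_impersonation_" + brand)
    return findings
```

Findings are meant to route the ad to review or rejection; the brand check is a substring hit and will also flag legitimate names that happen to contain a brand word, which is the intended bias for an ad platform.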



I'm no expert, but this question seems similar to: "How is it that telecom companies cannot stop spam robo calls?"

The answer is: they can, but they have a financial incentive not to.

Surely somebody pays for those ads. If Facebook makes money from it, why should they prevent it?

Obviously it's bad for customers, so Facebook balances user outrage against the money they're making. I could see that calculus working out to be "a decent amount of outrage is acceptable."

So here you are, outraged (:


Sure, I understand some advertising networks don't care about scams in general. After all, ads for "the blue pill" are everywhere.

But in this case we are talking about posting a direct link to a virus download. I would assume that THIS would be enough for FB to do something about it...


> Surely somebody pays for those ads. If Facebook makes money off of it, why should they prevent it?

People running ads impersonating pretty large brands can lead to very significant risk for Facebook.


It's particularly bad because Facebook is aggressive about bypassing ad blockers I've installed. My ad blocker is a security measure to protect me against garbage like ads for trojans. Facebook is circumventing my security measure and threatening me with malware.


Crazy idea. Don’t use Facebook?


Delete your FB account.

Probably the best thing I did in 2023.


I've reported Instagram ads that are clearly scams or illegal services but they never get taken down. The ads get reviewed and it's always determined that the content is acceptable.

Maybe companies shouldn't be allowed to grow so big if they end up reaching the point of being unable to deal with certain problems. Smaller companies that were federating content would probably be able to comply more easily with local legislation and regulations, and provide higher quality support.


I reported an ad that was so obviously a deep fake and Facebook said there's nothing wrong with the ad. I guess AI is already favoring AI generated scams. :)


Facebook isn't favoring AI. Instead, money money money....

Even ads with obvious porn (breasts, genitals, intercourse etc.) in the picture get through the filter, so it's pretty clear that money talks.


I report ads on a daily basis to Facebook that are either scams or have malware. They never stop the ads and always say that the ads do not break any of their policies. Clearly Facebook is getting more revenue from these ads than they get selling your data. Facebook doesn't care about its users. They only care about the almighty dollar. Also, when hackers take over friends' and families' accounts, Facebook never helps the person recover their account.


Hit the advertiser where it hurts, click on them.

The advertiser needs to pay for every impression of the ad and for every click. Let's say $0.01 for every 1000 views and $0.1 for every click/conversion.

Don't open the RAR file ofc..


The vast majority of users are people sharing stories and photos with each other. A huge cost, and they don't buy ads. The only reason to have them in the first place, economically speaking, is to view ads.


Facebook is long dead to me. Half of the pages I once subscribed to are taken over by bots posting scams and even porn, with graphic thumbnails, yet there is no single filter to catch this, wtf.


I assume all ads are vectors for malware, either for my software or wetware.

Facebook's business model is to make money off of providing the service. Why would they change it?


Because that's how the socials work: the censorship only works for non-paying customers.


In a nutshell: bad metrics and perverse incentives for engineers. If the only metrics that would move from such a change are ad impressions (these are ads after all) then either nobody will make that change or somebody else will revert it to make Number Go Up again. The metrics that are missing can be as damaging as the ones that exist.


Do you have a link to one of those ads?


Here is one:

https://www.facebook.com/plugins/post.php?href=https%3A%2F%2...

Attention for those who did not read my submission: Do NOT download and execute the exe/msi contained in the RAR file!


Sorry I saw this too late and it’s already gone. Fwiw, we care


Once you report an ad, it's gone from the timeline. I didn't think of saving a link first. Also, I had downloaded one of the rar files with the installer, uploaded it to VirusTotal to verify it's a trojan, but then deleted the RAR.

The next time one of those ads shows up I'll save the link to the ad, to the Google Drive, and keep a copy of the RAR for the unlikely case someone at Facebook cares about this...


Not really aligned, but somehow reminiscent of this other dystopian future of what happens when a platform makes money not on products but on ads https://www.smbc-comics.com/comic/2012-01-12



