This morning I had an email warning from from facebook due to an autopost failure from a WordPress blog:
Array (  => Array ( [date] => 2016-01-16 12:18:48 [act] => Error [msg] => -=ERROR=- Array ( [Warning] => [Error] => Your message couldn’t be sent because it includes content that other people on Facebook have reported as abusive. ) [extInfo] => | PostID: xxxx – Iran: “American sailors started crying after arrest” |im [type] => E [nt] => Facebook – BlogName ) )
Very odd as this blogger is very cautious on the content of posts, as they are often targeted for mass reporting, to leverage FaceBook’s automated blocking/banning feature, where they act on the reports if there are enough of them without manually checking if their valid. But this post really was benign, so I went to share the post manually, and I was surprised to see this warning.
The content you’re trying to share includes a link that our security systems detected to be unsafe:
Please remove this link to continue. If you think you’re seeing this by mistake, please let us know.
Unsafe? how? well it’s true that a PNG can carry malware, incredibly rare but doable, of course if this is the case this concerned me doubly, how did the anti-virus software on the bloggers machine not pick it up as any AV software should, and secondly, how could the firewall have missed it, as even from a whitelisted IP, it should never allow that.
So I looked at the raw code in the PNG, malware sticks out like a sore thumb, tagged onto the end of the file, being pretty much the only clear text when you open in a text editor. Nothing there, so possible that some unusual combinations of characters in the PNG code match some part of a known virii signature, so I scanned here which checks 66 AV databases.
So I made a report to FaceBook, and luckily within a couple of hours the block was lifted.
Posting this now incase we start to see more of this, while this may not be an attempt at censorship, this can’t be due to mass reporting, as there is just no option to report an image as having malware on facebook, many other options, but not that, the simple reason being, it would be so simple for them to scan the image on upload, which I have confirmed they do.