Is Facebook now accepting porn ads?

I was pretty shocked when I encountered an adult ad on my Facebook feed. How it got there, though, remains a mystery.

Ever since Facebook went public (and publicly down the toilet, at least in terms of share price) it’s been rolling out new ways to make money. Want to promote your latest personal update? That’ll be $7 please. Want to promote a post on your fan page? That’ll run you $5 to $15 (and presumably much more if you have a lot of fans).

So when I logged on a week or so ago and saw the following Sponsored Ad in the upper right corner of my Facebook page I thought, “is Facebook now accepting adult ads? Really? They must getting desperate.”

facebook-ad-cropped-circled.png

Naturally, I had to explore further. And this is where it got strange. Clicking that semi-literate ad did not bring me to that blog, which does exist but appears to be an abandoned link farm with one very NSFW image on it. Instead, it opened up a new browser window featuring a “short controversial video” – which turned out to be a not-so-short, not especially controversial ad for a book/video tutorial called The Tao of Badass (TTOB).

facebook-ad-a-typical-guy.png

TTOB is yet another in the seemingly endless series of how-to-pick-up-chicks books, this one penned by a scrawny dork named Josh Pellicer. The video goes on at some length – I gave up after about 15 minutes, so I can’t tell you how it ends – but offers tips like this one: If you stare at a woman’s lips while she is talking to you, she will find you irresistible.

(I’m married, and thus retired from the game, but if there are any single guys out there who want to try this out and let me know if that works, that would be great.)

Viewers of the video ad could buy TTOB for the low low price of only $67, plus 9 bonus products worth $2,394. Such a deal. TTOB has a generous affiliate program claiming commissions of up to 75 percent, so clearly this ad was the work of some aggressive affiliate with a less-than-firm grasp on the English language.

Two days later the same ad appeared on a different Facebook page. The next day another ad appeared using a different image, mangled English, and spoofed blog URL, but linking to the same video ad.

I thought, did Facebook change its ad policies to allow this kind of material? So I endeavored to find out. First, I created an ad for a porn site – I picked Sex.com at random, figuring I might as well be as obvious as possible. (Thus prompting my blog post about how much Sex.com resembles Pinterest – see, it was research after all.)

The ad was not salacious in any way, but it still took Facebook’s automated ad approval system less than 10 minutes to reject the ad for violating its ad guidelines. Facebook never tells you which guidelines your ad violated, but I’m guessing it had something to do with the rule against the “sale or use of adult products or services.”

Next I created an ad specifically for The Tao of Badass, linking to the Web site of the same name. This one took Facebook 15 minutes to reject. But I wasn’t done yet. I recreated the first ad I saw – mangled English, original photo and all – and submitted it. I couldn’t figure out how to get that ad to redirect to that video, so it automatically linked to the URL listed in the ad.

facebook-ad2-disapproved.png

This time it took Facebook nearly three days to reject the ad. As a final test, I recreated the second ad I saw. Facebook took four days before it finally rejected my final attempt.

So what exactly was going on? There were only two possibilities. Either Facebook’s ad servers had been compromised, or my system was infected with adware. I’d run a scan with Norton Internet Security, which gave my PC a clean bill of health. But you know how that goes; it doesn’t really mean I’m not infected.

I asked Facebook to weigh in, multiple times, as to what they thought was going on. I am still waiting for their response. I asked folks at three security vendors – Symantec, Sophos, and Avast – what they thought might be causing this. They at least got back to me, though they didn’t entirely agree.

A Symantec spokeshuman said:

“Fact is, it’s possible to inject content onto webpages—threats like Zeus and other financial Trojans use web injects to add additional fields on online banking sites in order to get targets to give out more information. There are even some ad-clicker threats that could be responsible for displaying these ads. It very well could be a result of malware.”

Jindrich Kubec, Virus Lab Director for Avast, concurs, noting that “it’s perfectly possible for malware to alter the pages in your browser,” either by installing a rogue browser add on, a local proxy that redirects traffic, or by injecting code directly into the browser page.

On the other hand, Sophos senior tech consultant and Naked Security blogger Graham Cluley says:

“My first guess would be that this is a genuine Facebook ad that they've accepted onto their system and that they didn't properly vet. I think that's the most likely scenario. It *is* possible for malware to inject adverts into your browser, but I think that's less likely in this case.”

Well, that’s a big help.

I also contacted Badass Ventures, the parent company of TTOB, to see if they knew anything about this. I’m still waiting for a response. Maybe they’re too busy studying women’s lips.

Facebook has had problems with adware before – notably those made by an ad company called Sambreel Holdings. But that adware inserted large, obvious banner ads, and it got installed along with a Facebook app or toolbar. I’ve not installed anything in the last month that would cause my Facebook to go rogue like this. The referral URLs all look normal – or as normal as any of the 1000+ character Facebook referral URLs look.

So I’m mostly left with questions. How did these ads get there? How did someone manage to spoof the URLs inside them? And why did the bogus ads I recreated take so long for Facebook to reject?

If anybody has answers, please ping me. Operators are standing by.

Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

Now read this:

Facebook's 'man in the middle' attack on our data

Making Facebook private won't protect you

How to keep hackers out of your Google, Facebook, and Twitter accounts

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies