Facebook Clickjacking Attack

June 1st
Jim Gras

A new clickjacking worm is spreading through Facebook via the ‘Like’ feature as reported by Mashable, The Social Media Guide.

The attack, which is said to have hit hundreds of thousands of users, uses a combination of social engineering and a clickjacking exploit to make it appear as if a user has “liked” a link.

The messages that are being used in the link text include, “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE,”  “This man takes a picture of himself EVERYDAY for 8 YEARS!!,”  “The Prom Dress That Got This Girl Suspended From School” and “This Girl Has An Interesting Way Of Eating A Banana (banana), Check It Out!”

When a user clicks on the text that appears to be “liked,” he is taken to a blank page that just has the text, “Click here to continue.” Clicking anywhere on that page will then publish the same message to that user's Facebook page.

This vector is extremely similar to the Fbhole worm that spread across Facebook ten days ago. Because users unwittingly end up recommending the offending page to their social graph, this is the type of worm that can spread extremely quickly.

Security firm Sophos has identified the linked pages as being infected with the Troj/iframe-ET worm. It doesn’t appear as if the worm does anything other than add likes to your feed, but if you’ve been infected, you’ll still want to take action.

Sophos recommends deleting any entries in your news feed related to the links and checking your profile and info pages to make sure that no links or pages related to those sites have been added to your profile.
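For defenders triaging reported links, the following is an added example (not from Mashable, Sophos or the original post) of a static check for the page shape described above: almost no visible text plus a framed widget rendered transparent. That the lure used a transparent iframe is an assumption based on how clickjacking usually works; the thresholds and the `example.invalid` URLs are constructed.

```python
import re
from html.parser import HTMLParser

ALPHA = re.compile(r"alpha\(\s*opacity\s*=\s*(\d+)\s*\)")  # legacy IE filter syntax

def style_props(style):
    """Parse an inline style attribute into a {property: value} dict."""
    pairs = (d.partition(":") for d in (style or "").split(";"))
    return {k.strip().lower(): v.strip().lower() for k, sep, v in pairs if sep}

def is_transparent(props):
    """True when inline style leaves the element (nearly) invisible yet clickable."""
    try:
        if float(props.get("opacity", "1")) <= 0.1:  # assumed threshold
            return True
    except ValueError:
        pass  # non-numeric opacity such as "inherit": no evidence either way
    m = ALPHA.search(props.get("filter", ""))
    return bool(m and int(m.group(1)) <= 10)

class FrameAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden_frames = []  # src of every transparent iframe
        self.words = 0           # visible words on the page
        self._skip = 0           # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "iframe" and is_transparent(style_props(a.get("style"))):
            self.hidden_frames.append(a.get("src") or "")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words += len(data.split())

def audit(html, max_words=10):
    """Return (looks_like_lure, transparent_frame_srcs) for one HTML document."""
    p = FrameAudit()
    p.feed(html)
    p.close()
    return bool(p.hidden_frames) and p.words <= max_words, p.hidden_frames

# Constructed samples; example.invalid is a placeholder host.
LURE = ('<html><body><p>Click here to continue</p><iframe src="https://example.invalid/widget" '
        'style="position:absolute; top:0; left:0; opacity:0"></iframe></body></html>')
BENIGN = ('<html><body><p>Watch the video below.</p>'
          '<iframe src="https://example.invalid/player" style="opacity: 1"></iframe></body></html>')
```

The check only reads inline styles, so a page that hides its frame through a stylesheet or script needs a rendered-DOM inspection instead.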





One Response to "Facebook Clickjacking Attack"

  1. Gervais Group LLC says:

    This is the most definitive article I’ve ever read on the subject. Written without an agenda, the information is laid out and lets the readers come to their own conclusions. Congratulations on a job well done and please continue to cover this.
