New Facebook click-jacking scam spotted

Powered by SC Magazine
 

Phony "like" attacks continue to plague social networking service.

Security researchers have spotted a new 'click-jacking' web scam on Facebook.

This week, security vendor Sophos issued a warning to users over what the company describes as a "likejacking" attack which spreads through the site's news feed and 'like' feature.

The attack appears as a link to a web page offering photos of the "101 hottest women in the world." Upon clicking the link the user is presented with a page which, when clicked, forwards the user to a third-party site.

In the process, however, the page also accesses the user's news feed without notification.

Clicking on the page activates the 'like' feature on Facebook which allows users to share pages. The page then appears on the news feeds of the victim's connections, spreading itself to a new crop of potential targets.

No actual malware code is installed to the user's system and the updates can be manually removed from the user's status feed.

According to Sophos senior technology consultant Graham Cluley, the scam is aiming to make money through generating advertising traffic, a process commonly referred to a 'click-jacking.'

The operation is not the first click-jacking attempt to spread via Facebook, and Cluley warned that the company needs to step up security measures if it want to slow the spread of similar operations.

"Facebook really needs to grab this problem by the horns, as it is increasingly being struck by clickjacking worms," Cluley wrote in a blog posting.

"The social network should tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers."

Copyright ©v3.co.uk


New Facebook click-jacking scam spotted
 
 
 
Top Stories
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
 
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
Amazon forced to reboot EC2 to patch Xen bug
Rolling restarts over next week.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  66%
 
Advanced persistent threats
  4%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1371

Vote