New Facebook click-jacking scam spotted

Powered by SC Magazine
 

Phony "like" attacks continue to plague social networking service.

Security researchers have spotted a new 'click-jacking' web scam on Facebook.

This week, security vendor Sophos issued a warning to users over what the company describes as a "likejacking" attack which spreads through the site's news feed and 'like' feature.

The attack appears as a link to a web page offering photos of the "101 hottest women in the world." Upon clicking the link the user is presented with a page which, when clicked, forwards the user to a third-party site.

In the process, however, the page also accesses the user's news feed without notification.

Clicking on the page activates the 'like' feature on Facebook which allows users to share pages. The page then appears on the news feeds of the victim's connections, spreading itself to a new crop of potential targets.

No actual malware code is installed to the user's system and the updates can be manually removed from the user's status feed.

According to Sophos senior technology consultant Graham Cluley, the scam is aiming to make money through generating advertising traffic, a process commonly referred to a 'click-jacking.'

The operation is not the first click-jacking attempt to spread via Facebook, and Cluley warned that the company needs to step up security measures if it want to slow the spread of similar operations.

"Facebook really needs to grab this problem by the horns, as it is increasingly being struck by clickjacking worms," Cluley wrote in a blog posting.

"The social network should tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers."

Copyright ©v3.co.uk


New Facebook click-jacking scam spotted
 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 894

Vote