New Facebook click-jacking scam spotted

Powered by SC Magazine
 

Phony "like" attacks continue to plague social networking service.

Security researchers have spotted a new 'click-jacking' web scam on Facebook.

This week, security vendor Sophos issued a warning to users over what the company describes as a "likejacking" attack which spreads through the site's news feed and 'like' feature.

The attack appears as a link to a web page offering photos of the "101 hottest women in the world." Upon clicking the link the user is presented with a page which, when clicked, forwards the user to a third-party site.

In the process, however, the page also accesses the user's news feed without notification.

Clicking on the page activates the 'like' feature on Facebook which allows users to share pages. The page then appears on the news feeds of the victim's connections, spreading itself to a new crop of potential targets.

No actual malware code is installed to the user's system and the updates can be manually removed from the user's status feed.

According to Sophos senior technology consultant Graham Cluley, the scam is aiming to make money through generating advertising traffic, a process commonly referred to a 'click-jacking.'

The operation is not the first click-jacking attempt to spread via Facebook, and Cluley warned that the company needs to step up security measures if it want to slow the spread of similar operations.

"Facebook really needs to grab this problem by the horns, as it is increasingly being struck by clickjacking worms," Cluley wrote in a blog posting.

"The social network should tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers."

Copyright ©v3.co.uk


New Facebook click-jacking scam spotted
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1084

Vote