New Facebook click-jacking scam spotted

Powered by SC Magazine
 

Phony "like" attacks continue to plague social networking service.

Security researchers have spotted a new 'click-jacking' web scam on Facebook.

This week, security vendor Sophos issued a warning to users over what the company describes as a "likejacking" attack which spreads through the site's news feed and 'like' feature.

The attack appears as a link to a web page offering photos of the "101 hottest women in the world." Upon clicking the link the user is presented with a page which, when clicked, forwards the user to a third-party site.

In the process, however, the page also accesses the user's news feed without notification.

Clicking on the page activates the 'like' feature on Facebook which allows users to share pages. The page then appears on the news feeds of the victim's connections, spreading itself to a new crop of potential targets.

No actual malware code is installed to the user's system and the updates can be manually removed from the user's status feed.

According to Sophos senior technology consultant Graham Cluley, the scam is aiming to make money through generating advertising traffic, a process commonly referred to a 'click-jacking.'

The operation is not the first click-jacking attempt to spread via Facebook, and Cluley warned that the company needs to step up security measures if it want to slow the spread of similar operations.

"Facebook really needs to grab this problem by the horns, as it is increasingly being struck by clickjacking worms," Cluley wrote in a blog posting.

"The social network should tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers."

Copyright ©v3.co.uk


New Facebook click-jacking scam spotted
 
 
 
Top Stories
AGL restructure sees CIO depart
Owen Coppage to leave after ten years.
 
Data: Advertising's best frenemy
STW Group's Tom Ceglarek faces a digital conundrum: he must feed his client's demand for performance insights while his industry is being undermined by data analysis.
 
Inside Telstra's multi-faceted cloud strategy
An overview of its own cloud and deals with Cisco, VMware, IBM and NextDC.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Do you support the Government's data retention scheme?

   |   View results
Yes
  11%
 
No
  89%
TOTAL VOTES: 2116

Vote