Facebook hit by new clickjacking attack

Multiple reports were made over the weekend of a new Facebook exploit that made it appear a user ‘liked' a page that they did not actually 'like'.

Softpedia warned of a clickjacking worm that forced hundreds of thousands of unsuspecting Facebook users to unknowingly post spam messages on their profiles, using news headlines to lure its victims into the trap.

It warned that clicking on the messages takes users to external pages hosted at blogspot.com, which only display a text that reads ‘click here to continue'. However, clicking anywhere on the page abuses a user's active Facebook session to publish a spam message back to their profile.

Graham Cluley, senior technology consultant at Sophos, said that the trick lures visiting users into ‘liking' a page without necessarily realising they are recommending it to all of their Facebook friends.

He said: “Unfortunately, as we're all too aware, messages such as ‘lol this girl gets owned after a police officer reads her status message' are exactly the kind of content that people will click on on Facebook.

“If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links. Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your ‘likes and interests' section.”

Sophos detected the offending web pages as being infected by Troj/Iframe-ET.

Meanwhile, Roger Thompson, chief research officer at AVG, warned that rogue adware installer apps were active and catching victims by taking them to a page where it asks to download software to view a video.

He said: “Bottom line is still that if you ever have to install something to watch a video, don't. Just don't, ok? Oh, and if ever you're asked to login to Facebook (or anywhere else for that matter), please pay attention to the address bar in the browser, and make sure you're at the right place.”

See original article on scmagazineuk.com