Facebook attack tricks users into 'liking' malicious links
Just because your Facebook friend appears to "like" something doesn't mean you should too. Another clickjacking scam has hit Facebook.
Another clickjacking scam has hit Facebook, tricking hundreds of thousands of users to post messages to their pages saying that they like the malicious link, security firm Sophos said on Tuesday.
Like most of these scams, this one relies on social engineering and piques the interest of prospective victims with messages like:
"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
"This man takes a picture of himself EVERYDAY for 8 YEARS!!"
"The Prom Dress That Got This Girl Suspended From School."
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"
Clicking on the links takes the visitor to what appears to be a blank page with just the message "Click here to continue." However, hidden in the page is code called an iFrame. When a visitor clicks anywhere on the page the iFrame publishes the message to the visitor's Facebook page.
"If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links," Sophos' Graham Cluley recommends in his blog post on the attack. "Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your 'Likes and interests' section."
Clickjacking happens in the browser and is operating system-independent. Some browsers, like Firefox, can be hardened through the use of plug-ins like NoScript which has anti-clickjacking technology, Cluley said.
There are more technical details behind the attack in this Sophos blog post which dubs the attack "Likejacking."
Facebook has been notified and the malicious pages have been suspended, according to BitDefender's Malware City blog.
Updated June 2 at 9:28 a.m. PDT to clarify that clickjacking can affect both Windows and Mac.