Facebook users are being hit by yet another clickjacking worm attack that is exploiting the third-party "Like" button facility (dubbed "likejacking" by Sophos).
Many Facebook users' profiles have been updated by the clickjacking attack to say that the user likes a webpage called
:|:| 101 Hottest Women in the World :D :|:|
If you are curious as to what your online friend "likes" and click on the link you are taken to a webpage containing an image of Hollywood actress Jessica Alba.
Sophos detects the page as Troj/Iframe-ET.
Clicking anywhere on the page will - if you are logged into Facebook - update your Facebook page without your permission to say that you also "Like" the page. You are probably oblivious to this, of course, as by now your web browser has been redirect to pictures of attractive female celebrities on the website of men's magazine Maxim.
It's quite startling how well these "likejacking" attacks can spread via social networks like Facebook.
By hiding an invisible button under your mouse, the hackers are able to capture your click wherever you click on the webpage. So your mouse press is hijacked and secretly clicks on a button which tells Facebook that you 'like' the webpage instead.
Why are people creating clickjacking worms like this? The answer is simple - to make money. The site is part of the CPALead advertising network, popping up a survey asking for personal information, and helping to generate revenue for those behind this scam.
Facebook really needs to grab this problem by the horns, as it is increasingly being struck by clickjacking worms. The social network should tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers.
After all, this isn't a new problem. In recent weeks we have seen clickjacking attacks on Facebook pretending to be naked pictures of a female rock singer, jokes, and even interesting ways to eat a banana.
It's perhaps no surprise that many people (well, guys at the very least) are all too happy to click on a link which promises to show them pictures of the 101 hottest women in the world.
If you believe you may have been hit by this attack, view the recent activity on your news feed, check your recent activity, and delete entries related to link. You may also be wise to warn your friends if they might have followed your lead and also clicked on the link.
If you're regular user of Facebook, you should join the Sophos page on Facebook to be kept informed of the latest security threats.Follow @gcluley