Facebook clickjacking: Malware takes on new Italian disguises


Non-English speaking Facebook users shouldn't be fooled into believing that they are somehow immune from the scams and attacks that plague the social networking site.

The latest few campaigns seen by SophosLabs, for instance, target Italian users of the social network.

Coke-related scam on Facebook

COCA COLA: Dopo aver visto questo video non berrò più coca cola. Svelata la ricetta segreta. Guarda il video verità

Which translates as:

COCA COLA: After watching this video you won't drink Coca Cola. The secret recipe revealed. Watch the video truth

Big Brother-related scam on Facebook

Cacciati Annalisa e Vito da AMICI per aver schiaffeggiato la Celentano, ECCO IL VIDEO INEDITO DEL PUGNO IN FACCIA

Which translates as:

Vito and Anna expelled for having slapped Celentano. FRIENDS, HERE IS THE VIDEO OF THE PUNCH IN THE FACE

(Update: Naked Security reader Paolo - who by the sound of things probably knows Italian better than us - offers a better translation).

Valentine-related scam on Facebook

LO SCHERZO DI SAN VALENTINO CHE STA FACENDO IL GIRO DEL MONDO! TE RETO A VER ESTA PAGINA PARA 5 SEGUNDOS SIN REÍRTE

Which translates as:

THE VALENTINE'S DAY JOKE THAT IS GOING AROUND THE WORLD! I CHALLENGE YOU TO VIEW THIS PAGE FOR 5 SECONDS WITHOUT LAUGHING

All of these Facebook scams use clickjacking techniques to trick the user into "liking" them. SophosLabs is intercepting the suspicious pages as Mal/FBJack-A.

As with the case of the dirty undressing Italian schoolteacher, Facebook users who aren't using Sophos Anti-Virus can protect themselves from clickjacking threats like this by using browser plugins such as NoScript for Firefox.

NoScript blocking the clickjacking attack

Facebook users can learn how to protect themselves by reading Sophos's recommendations for Facebook security. Or check out the advice in Italian here: Consigli di Sophos per le impostazioni di Facebook.

To keep informed about the latest Facebook security threats, please join the Sophos page on Facebook where we regularly highlight new attacks.

Oh, and it's not just Italian language attacks of course. Naked Security readers have reported similar attacks in Japanese and, interestingly, we have also seen a strange Cyrillic message that is associated with yet more Facebook clickjacking:

Cyrillic clickjacking attack on Facebook

Colourful clickjacking attacks, requiring users to click on a series of rainbow-coloured boxes without realising they're authorising other actions, are nothing new of course.

As more and more criminals discover how successful attacks via Facebook can be, we can expect the tried-and-trusted techniques of the English-speaking world to be cloned elsewhere around the globe.

Take care folks.


One Response to Facebook clickjacking: Malware takes on new Italian disguises

  1. Paolo Attivissimo · 1249 days ago

    Hi,

    Sorry to nitpick, but the Italian translation is incorrect. "Amici" is the name of a (regrettably) popular Italian reality TV show. A more correct translation would be "Vito and Annalisa expelled from AMICI for slapping [Miss] Celentano. HERE IS THE UNSEEN VIDEO OF THE PUNCH IN THE FACE".

    Keep up the good work!

    Paolo Attivissimo
    Lugano, Switzerland


About the author

Paul O Baccas (aka pob) joined Sophos in 1997 after studying Engineering Science at Oxford University. After nearly 16 years, he has left Sophos for pastures new and will be writing as an independent malware researcher. Paul has published several papers, presented at several Virus Bulletins and was a technical editor for "AVIEN Malware Defense Guide". He has contributed to Virus Bulletin and is a frequent contributor to the NakedSecurity blog.