Messages are spreading rapidly across Facebook, as users get tricked into clicking on links claiming to show an amazing video of a big baby being born.
The messages are spreading with the assistance of a clickjacking scam (sometimes known as likejacking) which means that users do not realise that they are invisibly pressing a "Like" button to pass the message onto their online friends.
A typical message looks as follows:
Baby Born Amazing Effect - WebCamera
Big Baby Born !
(Note: I have obscured the thumbnail used in the messages, as some may find it offensive because of its err.. anatomical nature.)
The links we have seen so far all point to pages hosted on blogspot.com, and appear to contain a video player that you are urged to click on.
The pages are headlined: "Baby Born Video - Amazing Effects".
See the message at the bottom of the page? It reads:
If Play Button don't work please click on the Like button and Confirm, then you can watch the Video.
It's at this point that the clickjacking scam plays its part. If you try to play the video then you will be secretly and unwittingly saying that you "Like" the link, and sharing it with your friends. In this way the link spreads virally.
As regular readers of Sophos's Facebook page will know, scams like this have been seen on far too many occasions. It's a crying shame that Facebook's own security measures don't warn about this particular clickjacking attack.
If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:
Unfortunately, thousands of Facebook users appear to have fallen for the scam - and are helping the links spread rapidly across the social network.
Here's how you can clean-up your Facebook page.
Find the offending message on your Facebook page, and select "Remove post and unlike".
Unfortunately that doesn't completely remove the interloping link. You also need to go into your profile, choose Activities and Interests and remove any pages that you don't want to "Like".
If only folks were more careful about the links they clicked on when using Facebook.
If you're on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.Follow @NakedSecurity