A clickjacking worm spread quickly across Facebook earlier today, tricking users into posting it to their status updates.
The worm, which some have dubbed Fbhole because of the domain it points to, posts a message like the following:
try not to laugh xD http://www.fbhole.com/omg/allow.php?s=a&r=<random number>
Clicking on the link would display a fake error message that would trick you – through a clickjacking exploit – to invisibly push a button that would publish the same message to your own Facebook status update. We’ve seen clickjacking exploited by hackers before in attacks on social networks, for instance in the “Don’t click” attack seen on Twitter in early 2009.
The good news is that’s effectively it. Rather like the “Don’t click” Twitter attack, it appears that this latest Facebook security scare was more motivated out of mischief than money.
More information about the attack can be found on the blog of our friends at F-Secure. F-Secure’s Mikko Hypponen reports that he was able to telephone the number associated with the fbhole.com website and the site was taken off-line 15 seconds later. Nice one Mikko.
Should we be surprised by this latest attack via Facebook? I don’t think so. One of the key findings of Sophos’s 2010 Threat Report was about the astonishing 70% rise in reports of malware attacks via social networks. Facebook, in particular, was named the riskiest of the social networks by survey respondents.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
If you’re a fan of Facebook, you might want to join the Sophos page and ensure you are kept up-to-date with the latest security news.