Facebook has been hit very hard the last few weeks with a never ending onslaught of new scams trying to trick innocent Facebook users. The latest one spreads with the message “I can’t believe a GIRL did this because of Justin Bieber” and links you to a YouTube look-a-like site called FouTube.
Fortunately Sophos customers are protected from being likejacked when using our browser helper object in Internet Explorer. The hidden iFrame is detected as Troj/Iframe-ET. This style of attack is quite old and resembles some of the first likejacking attacks we started seeing earlier this year.
Most Facebook attacks I have looked at recently were rogue Facebook Applications rather than simply liking a web page. This one is quite poorly crafted, yet it is still spreading quite quickly amongst Facebook users who can’t seem to get enough Justin Bieber.
One interesting thing while came up though, the person behind this attack displays an offer to purchase Facebook Groups/Fan pages, apparently to help further spread their malicious scams.
Like most scams this one does not appear to be spreading malware, rather just displaying survey scams and other tricks to get you to subscribe to premium rate SMS services on your mobile phone.
It’s unfortunate that almost eight months after likejacking started becoming common that Facebook has chosen to keep the simplicity of the “Like” feature and not implement a confirmation option that would alert a user who is logged into Facebook that they are endorsing another scam.
If you have accidentally “Liked” this web page you can remove it by visiting your Facebook Wall and choosing to remove your like. As a precaution against likejacking you may wish to logout from Facebook when you are not actively using it. These attacks do not work if you are not currently logged into Facebook.
If you’re a Facebook user and want to keep up on the latest threats and security news why don’t you join the Sophos Facebook page?