Facebook has been hit very hard over the last few weeks by a never-ending onslaught of new scams trying to trick innocent Facebook users. The latest one spreads with the message “I can’t believe a GIRL did this because of Justin Bieber” and links you to a YouTube lookalike site called FouTube.
Fortunately Sophos customers are protected from being likejacked when using our browser helper object in Internet Explorer. The hidden iFrame is detected as Troj/Iframe-ET. This style of attack is quite old and resembles some of the first likejacking attacks we started seeing earlier this year.
Most Facebook attacks I have looked at recently were rogue Facebook Applications rather than simply liking a web page. This one is quite poorly crafted, yet it is still spreading quite quickly amongst Facebook users who can’t seem to get enough Justin Bieber.
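A defender-side check for the hidden-iframe pattern described above, as an added example that is not from the original article and is not how Sophos's Troj/Iframe-ET detection works: it scans page markup for a Facebook Like-button iframe styled to be invisible while staying clickable. The sample markup and its `.example` hosts are constructed, and the opacity thresholds are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LIKE_PATH = "/plugins/like.php"  # Facebook Like-button plugin endpoint

def hiding_reasons(style):
    """Inline-style tricks that keep a frame clickable but invisible."""
    reasons, style = [], style.lower()
    m = re.search(r"opacity\s*:\s*([0-9]*\.?[0-9]+)", style)
    if m and float(m.group(1)) < 0.1:        # threshold is an assumption
        reasons.append("near-zero opacity")
    m = re.search(r"alpha\(\s*opacity\s*=\s*(\d+)", style)  # legacy IE filter
    if m and int(m.group(1)) < 10:           # threshold is an assumption
        reasons.append("IE alpha filter")
    return reasons

class LikeFrameFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        url = urlparse(a.get("src") or "")
        host = (url.hostname or "").lower()
        # Exact host or subdomain only, so lookalike hosts are not matched.
        on_fb = host == "facebook.com" or host.endswith(".facebook.com")
        reasons = hiding_reasons(a.get("style") or "")
        if on_fb and url.path == LIKE_PATH and reasons:
            self.findings.append((a["src"], reasons))

def scan(html):
    """Return (src, reasons) for each hidden Like-button iframe."""
    # Limitation: only the iframe's own inline style is inspected, not
    # stylesheets, scripts, or a hidden parent element.
    finder = LikeFrameFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page; hosts under .example are placeholders.
SAMPLE = """<div id="player">Click to play</div>
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fvideo.example%2F"
 style="position:absolute; opacity:0; filter:alpha(opacity=0)"></iframe>
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fblog.example%2F"
 style="border:none; width:90px; height:21px"></iframe>
<iframe src="http://facebook.com.lookalike.example/plugins/like.php" style="opacity:0"></iframe>
"""
print(scan(SAMPLE))
```

Only the first frame is reported: the second is an ordinary visible Like button, and the third is not served from Facebook, so clicking it cannot register a Like.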
One interesting thing came up, though: the person behind this attack displays an offer to purchase Facebook Groups/Fan pages, apparently to help further spread their malicious scams.
Like most scams this one does not appear to be spreading malware, rather just displaying survey scams and other tricks to get you to subscribe to premium rate SMS services on your mobile phone.
It’s unfortunate that, almost eight months after likejacking started becoming common, Facebook has chosen to keep the simplicity of the “Like” feature and not implement a confirmation option that would alert a user who is logged into Facebook that they are endorsing another scam.
If you have accidentally “Liked” this web page you can remove it by visiting your Facebook Wall and choosing to remove your like. As a precaution against likejacking you may wish to log out of Facebook when you are not actively using it. These attacks do not work if you are not currently logged into Facebook.
If you’re a Facebook user and want to keep up on the latest threats and security news why don’t you join the Sophos Facebook page?
I've been saying for a while, those Like aggregation pages (and ones that look like them) are a potential breeding ground for malware.
Maybe it will take someone, instead of focusing on Justin Bieber, posting something like "The TSA has finally gone too far" or "Click here to oppose Comcast's takeover of the Internet", before FB finally does something. In other words, when the attacks start targeting the people who work at Facebook, and catch FB employees, maybe they'll do something.
I chose to remove my like on my wall but it still shows up under my profile. Any other chance to remove this stupid 'like'?
under the group at the bottom of the page on the left it says unlike.
hit the little x next to the post and select report as spam..
Great text – finally someone who is informing the (non-professional) people! Facebook should think about a validation for their like buttons so that people won't be able to generate their own links…
@Sebastian
If you go to your page, under your name is a link for Edit My Profile
Left hand navigation> Likes and Interests
The first page is your tags by section. Each section has a “See More” and more tags appear that are associated with the interests that you chose for yourself. Find the tags, click on it to turn it blue, then hit delete.
thank you very much trini!!
"Facebook's latest scam"
Poor choice of words. That sounds like it's a scam run by Facebook, rather than a scam targeting FB users.
I removed the like, but it is still written that I shared a link (which I definitely didn't). But it is not viewable in my own Linklist, so I cannot remove it.
Any ideas?
hi, i didn't really get it, my English is really bad 🙁
so i clicked on this site, and had it under my "I like" sites, where i erased it.
the text says it doesn't spread any malware, so i don't have any trojans and viruses right?
but later this text here says the site is displaying survey scams, what does that mean?
I went on this you-tube-lookalike site and could do nothing there (the video didn't play) so i closed the window.
so can i expect now that nothing happened to me?, or how do i know that
it tricks me to subscribe to something, as i said i could do nothing on this site.
i also don't really know what a survey scam is.
hope somebody can help me
and excuse my bad English
You should be fine. For surfers in the US, Canada, and United Kingdom the fake video page would lead them to a site pretending to be a survey or quiz. To win the prize you were promised for completing it you needed to enter your mobile phone number which would allow them to subscribe you to a service that charges you money every week.
thanks,
you helped me a lot
yes thank you very much!!!!!
I tried to watch the video too and a quiz appeared in the box. I didn't answer anything. I just tried to close the tab. Then a popup appeared and told me not to leave. So I closed the whole browser with the task manager. lol
Thank you for the very good information service.
I was really afraid, but you calmed me down. (Sry for my bad English too)
Thank you very much 😉
I didn’t even click on the link or video and it has come up on my facebook feed. Any way I can get it off my feed as I don’t want other people having this problem?
Facebook users beware…!!!
this just happened to me, and i came to this page to figure out what to do.
i wasn't able to remove it when i tried deleting it on my news feed. i had to go to my profile page in order to delete it on My Wall.
But it stayed in my Likes Box on the left hand side.
You can remove it if you go to edit your profile, find the likes and interests section, and click on Show other pages at the bottom of the likes and interests settings page.
You can remove it from there.
Hooray.
I just found something similar to this posted on someone's Newsfeed. After I clicked on the image, I was redirected to this link and I immediately closed it because the URL looked fishy. After Googling it and coming across your story here, I decided to reopen the link and to make sure that it was the same scam. I had already been to the site once – I knew going back couldn't do any additional harm. I simply clicked on the link to take me to the webpage – I didn't attempt to click on the video or do anything further. I also didn't Like it. Do I have anything to worry about if that is all that I did? Nothing appeared on my wall or in my Newsfeed. From what it sounds like, the scam only happens if you fill out the survey but I wanted to be certain.
Any info that you can give is greatly appreciated.
I deleted it from my likes so I should be ok now right? What confuses me is that I never got that quiz thing? Am I still scammed?
If you haven't given away your mobile phone number can they still scam you?
Many thanks Sophos. I wasn't paying attention and clicked onto this link that was sent by a FB friend. Fortunately my anti-virus is up to date and a red flag came up and didn't let me open it. Keep up the good work.