Japanese tsunami video exploited by clickjackers

Unashamed “Likejacking” site ibuzzu.fr has stooped to the level of exploiting the recent and devastating Japanese tsunami as a drawcard.

The video page is entitled “Vidéo exclusive de l’arrivée du Tsunami sur les cotes Japonaises – Voilà une vidéo du Tsunami du Japon du 11 Mars 2011 !!! A voir absolument.” (Exclusive video of the tsunami reaching Japanese shores – A must-see video of the Japanese tsunami of 11 March 2011!)

But the believable-looking video viewer is a Facebook likejack – clicking on the grey screen and Play icon actually triggers an invisible Facebook Like button behind the scenes.

Of course, if you happen to be logged into Facebook at the time, the Like happens automatically.

JavaScript in the web page does eventually take you to a real YouTube video, and the website very cheekily notes, in small print at the bottom of each page, that “Le bouton lecture de nos vidéos est un bouton facebook ‘j’aime’ en plus d’être un bouton play.” (The play button of our videos is a Facebook Like button as well as a play button.)
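As an added, defender-side illustration (this is not code from the original post or from Sophos), the following Node-runnable heuristic flags the layout described above: a near-transparent iframe stacked over a visible control the visitor is invited to click. The element descriptors, their field names and the sample page are constructed for this example; in a live page the same descriptors would be built from getBoundingClientRect() and getComputedStyle().

```javascript
// Heuristic detector for the "invisible button over a decoy" layout used by
// likejacking pages. Works on plain element descriptors so it runs without a
// browser; the descriptor fields (tag, opacity, zIndex, rect, clickable) are
// assumptions for this demo and mirror what a content script would collect.

function rectsOverlap(a, b) {
  // Axis-aligned bounding boxes intersect when neither is fully to one side.
  return a.x < b.x + b.width && b.x < a.x + a.width &&
         a.y < b.y + b.height && b.y < a.y + a.height;
}

// Returns one { frame, decoy } record for every near-invisible iframe that
// sits on top of (overlaps and has at least the z-index of) a visible,
// clickable element. An empty array means no overlay pattern was found.
function findLikejackOverlays(elements, opacityThreshold = 0.1) {
  const hiddenFrames = elements.filter(
    e => e.tag === 'iframe' && e.opacity <= opacityThreshold);
  const decoys = elements.filter(
    e => e.tag !== 'iframe' && e.clickable && e.opacity > opacityThreshold);
  const hits = [];
  for (const frame of hiddenFrames) {
    for (const decoy of decoys) {
      if (rectsOverlap(frame.rect, decoy.rect) && frame.zIndex >= decoy.zIndex) {
        hits.push({ frame: frame.src, decoy: decoy.id });
      }
    }
  }
  return hits;
}

// Constructed sample modelled on the page in the post: a fake player screen
// with a Play icon, a fully transparent "Like" iframe placed over the icon,
// and a normal, visible video embed lower down that must not be flagged.
const SAMPLE_PAGE = [
  { tag: 'div', id: 'player-screen', clickable: true, opacity: 1, zIndex: 1,
    rect: { x: 100, y: 100, width: 480, height: 360 } },
  { tag: 'img', id: 'play-icon', clickable: true, opacity: 1, zIndex: 2,
    rect: { x: 320, y: 260, width: 40, height: 40 } },
  { tag: 'iframe', src: 'https://social.example/plugins/like', // placeholder
    clickable: true, opacity: 0, zIndex: 999,
    rect: { x: 310, y: 265, width: 60, height: 30 } },
  { tag: 'iframe', src: 'https://video.example/embed/clip', // placeholder
    clickable: true, opacity: 1, zIndex: 0,
    rect: { x: 100, y: 500, width: 480, height: 360 } },
];

console.log(findLikejackOverlays(SAMPLE_PAGE));
```

The transparent frame is reported twice, once for each visible element it covers, while the ordinary visible embed produces no hit.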

Despite the warning – which most people probably won’t notice – it’s impossible to condone this sort of activity, especially since the video it offers you in this underhand way is already publicly and openly available on YouTube.

Exploiting a newsworthy tragedy like this for the shameless promotion of a web link from which you can extract ad-click revenue in return for showing someone else’s content is just not acceptable business practice.

If Facebook made it slightly more obvious that you had clicked a Like button – for example, by popping up a confirmation dialog – then the clickjackers’ activities would be made that much harder. The tiny reduction in convenience and immediacy associated with Liking would be a small price to pay.

Remember to review the posts on your wall regularly. If you notice something you don’t remember Liking, you may have been clickjacked. Be sure to click the [X] icon next to the post, and to choose the “Remove Post and Unlike…” option.

Also, don’t leave yourself logged in to Facebook all the time that your browser is open. It’s tempting, and it’s what Facebook would love you to do, but it leaves you open to triggering Facebook events, especially Likes, without realising what you’ve done.

Incidentally, the offending site (ibuzzu.fr) is blocked by the Sophos Web Appliance, which prevents protected users from getting to this Likejack in the first place.

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 60,000 people regularly share information on threats and discuss the latest security news.

(Thanks to Alex Ziemanski for first reporting this clickjack to us.)