Japanese tsunami video exploited by clickjackers

Filed Under: Clickjacking, Facebook, Social networks, Spam, Vulnerability

Unashamed "Likejacking" site ibuzzu.fr has stooped to the level of exploiting the recent and devastating Japanese tsunami as a drawcard.

The video page is entitled "Vidéo exclusive de l'arrivée du Tsunami sur les cotes Japonaises - Voilà une vidéo du Tsunami du Japon du 11 Mars 2011 !!! A voir absolument." (Exclusive video of the tsunami reaching Japanese shores - A must-see video of the Japanese tsunami of 11 March 2011!)

But the believable-looking video viewer is a Facebook likejack - clicking on the the grey screen and Play icon actually triggers an invisible Facebook Like button behind the scenes.

Of course, if you happen to be logged into Facebook at the time, the Like happens automatically.

JavaScript in the web page does eventually take you to a real YouTube video, and the website very cheekily notes, in small print at the bottom of each page, that "Le bouton lecture de nos vidéos est un bouton facebook 'j'aime' en plus d'être un bouton play." (The play button of our videos is a Facebook Like button as well as a play button.)

Despite the warning - which most people probably won't notice - it's impossible to condone this sort of activity, especially since the video it offers you in this underhand way is already publicly and openly available on YouTube.

Exploiting a newsworthy tragedy like this for the shameless promotion of a web link from which you can extract ad-click revenue in return for showing someone else's content is just not acceptable business practice.

If Facebook made it slightly more obvious that you had clicked a Like button - for example, by popping up a confirmation dialog - then the clickjackers' activities would be made that much harder. The tiny reduction in convenience and immediacy associated with Liking would be a small price to pay.

Remember to review the posts on your wall regularly. If you notice something you don't remember Liking, you may have been clickjacked. Be sure to click the [X] icon next to the post, and to choose the "Remove Post and Unlike..." option.

Also, don't leave yourself logged in to Facebook all the time that your browser is open. It's tempting, and it's what Facebook would love you to do, but it leaves you open to triggering Facebook events, especially Likes, without realising what you've done.

Incidentally, the offending site (ibuzzu.fr) is blocked by the Sophos Web Appliance, which prevents protected users from getting to this Likejack in the first place.

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 60,000 people regularly share information on threats and discuss the latest security news.

(Thanks to Alex Ziemanski for first reporting this clickjack to us.)

, , , , , , , , , , , ,

You might like

9 Responses to Japanese tsunami video exploited by clickjackers

  1. jay · 1630 days ago

    facebook blocked is as "abusive" just a heads up

  2. For me, it's too inconvenent to remember to log in and out of Facebook as needed. I find the easiest way to protect myself is to just not log into Facebook from my main browser.

    I use Mozilla's Prism to run an instance of Facebook in a separate browser that cannot be used for regular browsing.

    For folks who don't want to bother with Prism, just use a separate browser for Facebook.

  3. ama chucky · 1630 days ago

    poor japan......

  4. Elaine Hamby · 1630 days ago

    I selected "Mark as Spam". I hope that is as safe and effective as "remove and unlike".

  5. coffeerenting · 1630 days ago

    This has been blocked by FB. I'm guessing that the clickjackers have reported this content as abusive....I've reported to FB, but you may want to take further action. Thanks for fighting the good fight and keeping us informed.

  6. It sure would be great if FB would give me the option to log me out automatically after 10 min. non-activity.

  7. I just 'counter-reported' it as non-abusive. When it tries to block it (assuming you are trying to share this article) it offers a link if you believe they are mistaken about blocking it.

    Did so and for reason put: "I do not believe warning people about Like-Jackers is abusive. Do you normally block content that is mildly critical of your security?"

    Hope it helps, I'd like to share this article.

  8. Yet.. oddly enough it lets me share it if I do it directly from the FB feed. I guess it's not abusive .. that way? Oh well, was able to warn my friends, thanks Sophos.

  9. Thu Win · 1629 days ago


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog