Sophos Cloud Optix
This broken record continues to play. Yes, Facebook likejacking scams continue to plague Facebook users’ walls. This one spreads to walls saying:
“New teacher from behind”
“(BADURL) When our new teacher terns towards a blackboard students are go haywire. VIDEO: New Teacher from behind”
Unlike some of these likejacking scams, this one is using many different URL shorteners, including goo.gl, tiny.cc, tinyurl.com and even direct URLs to domains registered in .info and .ro top-level domains. At the time of this writing, over 6,000 people have fallen victim to the scam and the numbers continue to climb.
In a trend we are seeing more often in web-based attacks, this attack only requires that you are using a modern browser and are logged into a Facebook account. It works regardless of the operating system your device uses, including Windows, OS X, Linux, iOS, Android and more.
The best defense against clickjacking attacks is to use the Firefox browser with the NoScript add-on.
Otherwise, to avoid these types of attacks, the only remedy (which isn’t exactly practical) is to be sure you are not logged in to Facebook when clicking unknown URLs. If you are not logged into Facebook, you are presented with a pop-up window asking you to login, which is an indication that it is an attempt to likejack your account.
Personally, I use one browser just for Facebook and a different browser for all of my normal internet activities. If I choose to follow a URL from a Facebook wall, I use my non-Facebook browser so I can be alerted to the attack, as well as having protection from NoScript on my side.
For more best practices on Facebook security, visit the Sophos Security Hub where we have our guide to Facebook security. To stay up to date with all the latest security news you can follow Sophos on Facebook.
I discovered the same thing about the different browsers. I always open any links in the other browser, and sadly almost all of them lately have been these 'likejacking' sites.
If you do click the link.. what are you supposed to do afterwards?
Graham provides advice on cleaning up from a likejacking attack in this post:
http://nakedsecurity.sophos.com/2011/03/13/japane…
Hope that helps,
Chester
You can delete the post by clicking on the "X" at the top/right of the post.
do i have tto change my pw now?
No, but it is never a bad idea to change your password occasionally. Graham posted his advice on how to clean up your profile after falling victim to a likejack attack here:
http://nakedsecurity.sophos.com/2011/03/13/japane…
Chester
If you don't "like" the link but click on it, can you get infected?
It doesn't infect your computer, it simply spams it's message out on your wall. If you didn't click the video you are OK. If you did, you will want to remove the Like from your profile.
I was able to go to my profile and delete and unlike the post.
Facebook should have closed this vulnerability months ago.
Very informative thank you! Can I ask what browsers you are talking about?
Personally I use Chrome and Firefox, but as long as they are 2 different browsers you can isolate your Facebook from your other clicks.