Sophos Cloud Optix
Messages are beginning to spread across Facebook, tricking users into clicking on links which claim to point to the world’s funniest condom commercial.
The messages are spreading through a clickjacking scam (sometimes known as likejacking) which means that users do not realise that they are invisibly pressing that they “Like” the video when they try to play it.
A typical message looks something like the following (the actual link can change):
The World Funniest Condom Commercial - LOL
[LINK]
haha its really so funny ~ Dont Miss it !
The scam appears to be being perpetrated by the same gang who have been successfully spreading a “Baby born amazing effect” scam over the last several days.
Clicking on the links, which so far appear to all be hosted on blogspot.com, takes users to a webpage which urges visitors to click to watch the video.
The pages have the headline “The Funniest Condom Commercial”:
Click further at your own discretion – because the clickjacking scam is about to play its part in the scheme. If you try to play the video then you will be unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally across Facebook.
By the way, there is a condom commercial shown at the end of this whole process, but the Argentinian TV advert is available for free on YouTube meaning that there was a way of viewing it which didn’t involve helping the scammers spread their link across the Facebook social network. (Oh, and the video is not that funny).
As regular readers of Sophos’s Facebook page will know, scams like this have been seen on far too many occasions.
Recently announced new Facebook security features were supposed to provide protection against clickjacking/likejacking schemes like this – but once again have unfortunately proven to be ineffectual.
If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:
Here’s how you can clean-up your Facebook page.
Find the offending message on your Facebook page, and select “Remove post and unlike”. You could also choose to mark it as spam to alert Facebook’s security team.
Unfortunately that doesn’t completely remove the connection between the mischievous link and your Facebook page. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.
Of course, attacks like this would find it much harder to spread if folks were much more careful about the links they clicked on when using Facebook – and if Facebook’s in-built security was more effective at stopping clickjacking attacks.
If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.
Hat-tip: Thanks to Naked Security reader Josh for first giving us a heads-up about this clickjacking scam spreading on Facebook
I have seen another one floating about the past few days, it a clip about a 3D web cam of a baby birth, a few of my face book friends have it up, I suspect it is a clickjack but I am not sure but I wont be going there I went through the real thing and the thought of watching it in 3D is not appealing to me
I suspect you might be referring to the clickjacking scam we wrote about here:
http://nakedsecurity.sophos.com/2011/05/27/baby-b…
You know, if I could get a list of the names of those who create and unleash such unspeakable evil upon us, I would set up a "Facebook Scammers Hall of Humiliation" site, where we could post them and then laugh mercilessly at them, forever. Think of it as an eternal shame upon their cyber-tombs.
~EdT.
Except they'd probably use pseudo names so it wouldn't affect them…
Call me naive, but as someone who's not on Facebook (yes, I'm that 1% of the world), where is the actual danger if you just like that unknowingly? Does anything get automatically downloaded that would harm your computer?
It harms your reputation, not your computer.
It harms your reputation in two ways:
First, it indicates semi-publicly to the world that you "like" this somewhat sexual content, and calls attention to it to your friends. If your boss or partner or a parent of a child you teach is on your friends list, this could be very significant.
Second, it induces your friends to also fall victim to this scam. It's not a nice thing to do to your friends, and makes you look like an idiot. (Trust me on that — I was investigating whether it WAS a scam a friend had fallen victim to, and the clickjacking caught ME, and made ME feel like an idiot).
But your computer should be OK.
No, some people are just doing this to get a page to have over 10K likes (15K in this situation) as their pages are not popular and some are earning money over these scams (not the pages)
Is there any way we can hunt down and prosecute these scammers?
why facebook not taking spams seriously ?
But I wanted to watch the funny video… Just kidding. This just happened to me, thanks for the post!
FYI, this is circulating again but this time as "Funniest video I have ever seen" with the description "omg that's so funny.."
Hello, i have a problem with this LikeJacking Attack 31, whenever i start Chrome my Norton blocks the attack, ofcourse it's a good thing that Norton does that but i don't feel protected at all if i get attack every singel time when i open my browser. How can i prevent it?