Many Facebook users were assaulted by the following message earlier today, seemingly shared by their online friends:
![[SHOCK] At 17, she did THIS in public high school, EVERY day! Outrageous?](https://sophosnews.files.wordpress.com/2012/07/facebook-scam.jpg?w=640 "[SHOCK] At 17, she did THIS in public high school, EVERY day! Outrageous?")
[SHOCK] At 17, she did THIS in public high school, EVERY day! Outrageous?
[LINK]Is it normal to let her do that? In PUBLIC and such!
The image of a young woman’s bottom in tight-fitting jeans might or might not (depending on your taste) entice you into clicking further – and if you did succumb you would have found your browser taken to a third-party webpage which pretends it is about to show you a video.
However, the “play” button on the video hides a secret “Like” button, which means that you share the link even further across your social network by clickjacking – helping the scammers spread their link virally.
The purpose of scams such as these are typically to lead you to online surveys (which earn the scammers affiliate commission) or to trick you into handing over personal information such as your cellphone number which will then be subscribed to a premium rate service.
One day the scammers will be using links purporting to be videos of giant snakes eating zookeepers, the next it might be a sex video of an Asian film star.
The disguises may change, but the trick is the same. Keeping your wits about you is your first defence.
You should always be careful about what you click on on Facebook – as you could be carelessly sharing a scammers’ link onto your online friends.
If you’re a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page – where 200,000 people regularly discuss the latest attacks.
Follow @gcluley
I almost fell for this one today. I clicked on the link, but was suspicious of the video, and noticed that it had a dodgy url when i hovered over it.
It took me to a video about texting while driving.
I had an "uneasy" feeeling – but – because of the poster, I went there….and tried and tried. Ended up on a Hate God blog. That being said,, I ran the Malware system, and came back clean – but is there something more to do so that my system stays clean ?
Yeah, use some common sense and stop clicking junk like this. You only have yourself to blame.
No, he only has the hacker to blame. Someone outright tried to trick him and others – no need to blame victims when they're being attacked.
Nope, the person above you is correct. When someone falls victim to an attack, such as this, the best thing to do is to accept your 50% of the blame. The reason is: all you can do to prevent this is to change your behavior by recognizing your error so you do not fall victim (again). Making excuses for your own stupidity and blaming it on others is the best way NOT to learn to prevent these sort of things from happening. Basically, if the person takes no responsibility, then they do not have to think about how they could prevent it. The only thing you can really disavow responsibility for are things that you do not do.
Sure, the scammers are responsible for some of it, but no one makes anyone click a link. By preying on feeble minds, scammers have a lucrative business. If people were more aware of the ways people trick you, then scammers might not have such a target rich environment, and would have to go make money by earning it legitimately.
No, the previous poster is correct.
If one does not taking responsibility for his or her own actions (clicking the link), that person will never be able to learn. If it was an accident, then there is no blame, but the person who clicked the link is partially responsible. If a person doesn't recognize where they have a choice and instead blames a third party for their error, then they will continue to make the same mistake.
No one blames a snake for eating a squirrel that gets too close. The snake did his job, and the squirrel failed at their job. Because the squirrel would have benefitted instead of the snake if the squirrel had used caution, then it is obvious the squirrel is to blame for his predicament. Luckily, it dies and does not have to live with the realization that it is an idiot. We are all Idiots, sometimes.
And when one person falls victim it encourages the scammers to keep trying. Had scammers not had such a target rich environment of gullible and shallow people looking for things that would excite them, then the scammers might have to make money legitimately.
Not everyone spends 100 hours a week on the Internet. It’s impossible to keep up to date with every scam. When parents see something that might look like a story about someone doing something not so nice at a “public” school they probably want to know what it is. Especially if they think a friend posted it.
FOOLS! spring a few extra bucks for a Mac and you'll never have to deal with this virus crap.
shhhh don't say that! if apple's market share rises the hackers might find it lucrative to target us more often!
Yeah, except it's a browser exploit, not a virus. These can run in Windows, Mac or Linux.
My boyfriend had this posted on his fb page WITHOUT clicking the link or playing the video. He'd never seen it before until I pointed it out from my newsfeed.
How can something spread onto your account without you ever clicking on it?
And you believe him? Sweet.
means he clicked it and lied to you… come on, its a girls ass and you must be the jealous type if he lied.
I knew about the link I got hacked with..My sister gets it all the time and I'm the one calling her. I got it today and I don't click on those links because I KNOW about these things happening. So I know I don't click on links, So, tell me how to keep this from coming back. I'm not telling lies but would like to keep a clean account.
i had that too about 2 years back. i went into the security settings and blocked all applications and it stopped. it even deleted the sketchy video links that got posted on my friends' walls from my account. it was a while ago though i don't know if it'll still work. either way it's nice to have all applications blocked. i sure don't miss all those farmville invitations 🙂
hope you manage to get rid of it. good luck!
No it can't. Your boyfriend doesn't want you to know he clicked that nice bottom 🙂
Noooo, he'd never do anything like that. The porn on the computer isn't his either.
WHO KNOWS!?! Nevertheless, you shall not enquire into this any further! Just trust & love your boyfriend!
Haha! Yeah sorry but he lied to you there. He'll have clicked it and not realised that by clicking it, it posted to his wall. To be fair though, the lie will have been said because he was embarrassed and doesn't want you to feel that he cares for you any less. If you find me a guy with a computer who hasn't clicked on a nice bottom every now and again, I'll give you £10000! So don't be mad at him! Just wise up a bit 😉
This is ridiculous! I got my account hacked and I don't click on links!
One of my friends actually had this scam on his page earlier today, and I helped him remove it (I knew it was bad already, even before this article was up). And he's very good with computer related stuff…
Just goes to show how much people aren't aware of these scams.
May I ask, how on Earth do you remove it?
it is easy to say "you should be careful" but in reality it is nearly impossible…
It comes from a friend on FB, its a link to an external video (as are 90% of all video links on FB) and it appears to be legitimate (though the 'bottom" video is less so) and it uses technology we already accept and use ("liking" in FB).
Hopefully browsers will evolve to help with this. I would certainly like my browser to pop up a dialog saying "you are about to like something on FB, do you approve?" or friend someone or add them to your circle in google+, etc.
Exactly. It isn't the users fault – there's no reasonable defense against this in terms of common sense. Browsers will likely soon implement a new anticlickjacking technique having to do with UI randomization
Stop clicking on shit on the left hand side of your browser. Most of the crap my "friends" post is inane and of no interest to me. If I do see something interesting I investigate outside of the poison walls of FB. Like everyone before you said, you can't place all the blame on the criminals. I know I can't leave my front door unlocked. Yes, it sucks that I don't have that freedom, but it's reality and I know it so I lock my door. The same can be said about online behavior. Besides, it's a little creepy that grown men are clicking on something that talks about high school underage girls. Just saying…
Really? What your friends post is of no interest to you haha. Why be friends then?
When they’re posted on a friends page who’s a mother of 3, yes I do click on them. It’s hard to see what’s on the pic on a mobile phone, but it looked like a typical news story to me
I unwittingly fell for this a few weeks ago. Teach me to follow women’s asses.
Its interesting to see that most of those who "fell for this " never noticed that it appeared to be of a young woman pulling her undershirt down.At least that's what I saw in the picture. Why would something like that be considered "shocking" to do in public ? That is the kind of stuff I did in grade school.
Very old lame clickjacking script.. Can't believe it still works..
All you have to do to stay safe from stuff like this is use some common sense and guys, stop letting the appendage between your legs do your thinking for you.
What's even more creepy is that the girl is supposedly underage. I'll bet that's part of the draw too. It would get far less clicks if it said – "Overweight mother of 5 does something shocking every day". There's a reason I'm protective of my daughter.
How did you know Cindy had 5 children?
Because sex is clearly not a motivation for either gender…
ALWAYS GOOGLE BEFORE YOU CLICK FACEBOOK LINKS!!!!!
1. Stop shouting.
2. If it has only just been released it may not be on Google (yet).
3. The only way is to use some common sense; something sadly lacking in the FB community.
NoScript for firefox would probably have stopped this; its click-jacking protection is pretty good.
It seems like the scammers creating more blogspot pages and using it for the attack. found few more sites. The fb script in the attacker site created by this fb profile "facebook.com/madelaine.netto"
Here is my report : http://www.ehackingnews.com/2012/07/facebook-scam…
How do I remove it? It's just appeared in my 'likes' via my cousin's news feed?!!! & I don't 'like'!!!
How do I remove it? It's just appeared in my 'likes'?!!! & I don't 'like'!!!
The right way to do it is to reply to your own comments
Good warning – but who is the girl with the incredibly gorgeous ass??
Right Click Open Incognito usually works pretty well since it unlinks the opened video from your facebook (provided you didn't set up facebook in incognito mode too).
Open the page with all your 'likes', click 'show other pages'… click or hover over it, a drop down box appears, click 'unlike' and 'unsubscribe'. Done!
I tried that. There was no indication that I had ever liked this page.
what if i commented on it saying it appears to be one of those fb hacks?
I keep clicking play but it wont work
It is stunning how anybody could fall for these scams.
sexy photo – bad spelling and shitty grammar =scam. how people click on these again and again i do not know. Homer Simpson syndrome
well mine is translated in greek. I mean a greek page posted it too! the grammar wasn't shitty nor was the spelling. It seemed promising, with a girl's bottom showing. you know.. i had to push the button! I just had to! But fortunately i looked it up on google and it sent me here. Afterwards I watched some porn and now I feel much better.
It is showing as liked on my timeline, how do I get rid of it? It's been marked abusive so I can't go to the page and nothing happen when I hover over. Can anyone help?
Open the page with all your 'likes', click 'show other pages'… click or hover over it, a drop down box appears, click 'unlike' and 'unsubscribe'. Done!
i wonder how difficult it would be for FB to have a dialogue box pop-up with something like
"you are liking something on an external site, do you really wish to like this item and post it to your timeline? [yes, i 'like' this] [no, i didn't 'like' this]"
clicking 'no' would then proceed to a dialogue box asking if you'd like to report said lnk/site as spam.
i'm guessing not that difficult…
We're talking about people who can't spot the bleedin' obvious, here. How many times have you seen someone claim 'I thought it might be a scam, but clicked on it anyway.' Sometimes I think these people get what they deserve.
They probly get paid to allow these things to be there in the first place lol
lol. maybe only one crazy enough to click on virus to check my security. too funny if it goes to others.
Is anyone going to actually advise on how to remove this from timeline seeming it's hiden from the user who posted it but visable to all friends
Just go to your activity log in your profile and remove it there.
Thanks! Filter by Activity Log, click on Posts and Apps to drop down this menu, click on likes and then look through for this specific one – you can then mark it as spam and delete it!! Thanks for this tip – was getting really cross.
Norton saved me from this 😀
About the only useful thing Norton has ever done for me.
£54.99 per year well spent. >.<
But Norton had not saved me from this. I change my passwords, I run scans, and it keeps coming back.
pop up blocker stopped it lol
I clicked on it and tried to play the video then found out it is some spam thing. Luckily it was not added to m "likes" on my activity log.
Flo, I'm afraid your bf is lying to you.
[Video] – Girl killed herself, after her dad psted THIS to …
My Norton AV blocked this attack by: Web Attack: Facebook LikeJacking Attack 1.
13-videonow.noq.com.au (184.172.210.108.80)
FYI I didn't click on it out of curiousity, I clicked on it to view the results so that I could warn my FB friends who have already clicked on it this morning and spread on their friends walls.
While being circumspect is a fine -general- suggestion, nothing specific is given here to look for or to avoid.
Yes, blunt titillation is used, but for the largely unsophisticated bulk of social-media users, that is both common and impossible to ignore. (Read as: "Them's gonna keep a-lookin' no matta whut.")
I realize it isn't your failure that no clear, specific indicator is available, but that tells me this article should have (yet another) call to FaceBook demanding basic simple protections from misleading links, hidden function buttons, paste-over graphics and unqualified posting through your account.
These tricks are entirely FaceBook's responsibility and fault.
I have to laugh at the "Always google before clicking facebook links"
Really??? You would spend your whole life researching the so called social media site to make sure everything was safe.
This is not as difficult, or imprudent as it sounds. I've lost count of how many times I've warned friends that their posts were scams, spam or somehow malicious. Given how common this kind of junk web content is, taking a minute to verify the legitimacy of what you are "sharing" is a good idea.
Interwebz shenanigans aside, if I come across a "news" story with the words "shocking" and "17 year old" in the title, at the very least, I can count on it being just sensationalist, exploitative dribble.
Some people are just stupid!
People get Firefox, get NoScript and never fall for this kind of s… again.
Talk all you want about this boiling down to "using common sense" but the spammers and scammers unfortunately mirror the overall low level integrity the entire world has allowed itself to sink with little regard for decency and honesty toward others.
Fortunately, I deleted all my Social Network Accounts. At the same time most of the spamming websites are automatically blocked by Saudi Govt. I guess my computer should be safe from spammers.
I was a sucker and got had too. A few months ago a good friend sent this to me. yep I clicked it. not only did it post on my wall, its sent everyone in my contact list (of over 1000+ peeps) the same add. Not to stop there it went so far as to make groups and automatically add every single one of my friends to these groups. So for the next week I had to remove everyone from each group (around 160-200 people) from each group before I could report and shut the group down. It made around 8 groups or so.
Worst thing is, i couldn't get rid of it and it eventually it killed my PC. I will have to recover my hard drive and reinstall my whole operating system.
Man….1 freakin click can really make it rain in your cherios! 😦
Yeah i agree with Cindy because you are the one that clicked on the like button
if you use facebook – you read spam all day around and generate money for facebook, so why care there is more spam around?
Apparently I’ve fallen victim to this likejack.That’s not the problem. The real problem is that if friends of my friends (not me or my friends) look at my wall, they will see my having commented on that video and thus parsing it on. However there is no indication in my activity log, that I have liked or commented this video. So shouldn’t Facebook be responsible for this? After all it is the Facebook system that presents stuff on my wall that neither I nor my friends can see.