Facebook Clickjacking Attack Spreads Troj/iframe-ET Worm Through 'Like' Feature
Since Facebook began allowing bloggers and web publishers to add a 'LIKE' button to their posts, the button has spread like wildfire. Unfortunately, hackers are now abusing the links that are posted on Facebook users' profiles when they "Like" a specific post, using them to redirect users to a web page that spreads a malicious worm.
The Facebook 'LIKE' button, shown in Figure 1 below, is a fairly new way to essentially "backlink" or recommend something that users like or want to share with others who view their Facebook profile wall. The liked link usually shows up as hyperlinked text on a user's Facebook profile wall, as shown in Figure 2 below.
Figure 1. Facebook 'LIKE' button
Figure 2. Facebook hyperlinked text on a profile from clicking the 'LIKE' button on a web page.
Cybercrooks are now spreading a clickjacking attack through the 'Like' links. Hackers are posting faux 'Like' links on Facebook in the hope that others will click them and be redirected to a blank web page showing the text "Click here to continue"; clicking that text spreads a dangerous worm.
Security researchers at Sophos first identified the malicious page as being infected with the Troj/iframe-ET worm. This worm has been found to automatically add "Likes" to your Facebook feed, thus quickly spreading itself through Facebook users' recommended pages.
This new Facebook attack adds to a long list of issues, on top of privacy concerns, that the social network has faced in just the past few months. The malicious messages being spread on Facebook this time as part of the clickjacking attack include the following:
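A defender reviewing a page like the one described above can check its markup for frames the visitor cannot see. The following is an added example, not code from Sophos or from the attack page: it assumes the usual clickjacking layout (a frame made transparent with inline CSS and placed over the visible lure text), which the article itself does not show, and every URL, name and sample page in it is constructed.

```python
import re
from html.parser import HTMLParser

def _num(value):
    """Leading number of a CSS value, or None (e.g. 'inherit')."""
    m = re.match(r"\s*(-?\d*\.?\d+)", value)
    return float(m.group(1)) if m else None

# Inline-style rules that make a frame invisible while it still takes clicks.
# display:none and visibility:hidden are left out: such a frame cannot be clicked.
HIDING_RULES = {
    "opacity": lambda v: _num(v) is not None and _num(v) <= 0.1,
    "filter": lambda v: re.search(r"opacity\s*=\s*0\b", v) is not None,  # legacy IE alpha()
}

def parse_style(style):
    """Split an inline style attribute into {property: value}, lower-cased."""
    decls = {}
    for part in style.split(";"):
        if ":" in part:
            prop, value = part.split(":", 1)
            decls[prop.strip().lower()] = value.strip().lower()
    return decls

class HiddenFrameFinder(HTMLParser):
    """Collects (src, reasons) for every <iframe> hidden by its inline style."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attrs = dict(attrs)
        style = parse_style(attrs.get("style") or "")
        reasons = [p for p, hides in HIDING_RULES.items() if p in style and hides(style[p])]
        if reasons:
            self.findings.append((attrs.get("src") or "", reasons))

def find_hidden_frames(html):
    finder = HiddenFrameFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample markup, not captured from the attack page.
LURE_PAGE = ('<p>Click here to continue</p><iframe src="https://widget.example.invalid/button" '
             'style="position:absolute; top:0; left:0; OPACITY: 0; z-index:9"></iframe>')
BENIGN_PAGE = '<iframe src="https://video.example.invalid/embed" style="opacity:1"></iframe>'
```

The check reads inline `style` attributes only, so a frame hidden through a stylesheet or by script needs a rendered-DOM inspection instead.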
- "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE"
- "This man takes a picture of himself EVERYDAY for 8 YEARS!!"
- "The Prom Dress That Got This Girl Suspended From School"
- "This Girl Has An Interesting Way Of Eating A Banana Check It Out!"
The worm infection spread from the clickjacking attack seems to be more of a nuisance than anything right now. Because the worm can spread very quickly, it is suggested that users take immediate action to detect and remove the infection with a spyware removal tool before it spreads.
Do you click the "LIKE" button on various posts? Do your friends on Facebook click through recommended links or those that you have "Liked" on other pages?