Hundreds of thousands of Facebook users were hit over the holiday weekend by a trick that spreads a clickjacking worm
once the victim has been fooled into "liking" a page. Once that is done the action installs a Trojan and recommends the page
to the victim's friends.
According to security firm Sophos, which has taken to calling this type of exploit "likejacking," the viral "Like" worm spotted
last weekend was working its way across Facebook with messages that include the following:
"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
"This man takes a picture of himself EVERYDAY for 8 years!!"
"The Prom Dress That Got This Girl Suspended from School."
"This Girl Has An Interesting Way of Eating a Banana, Check it Out!"
But clicking on these links takes Facebook users to what appears to be a blank page with just the message "Click here to continue,"
according to Sophos, which describes the "likejacking" exploit in a blog post written by Sophos senior technology consultant
Graham Cluley.
Cluley says clicking on any point on the page publishes the same message via an invisible iFrame to their own Facebook page,
and visiting users are tricked into "liking" a page without necessarily realizing they are recommending it to all of their
Facebook friends. Web-based iFrame attacks have become extremely common across the Web over the past few years.
Sophos identifies the Trojan used in this attack as Troj/Iframe-ET.
Cluley says Facebook users would benefit from reviewing their recent activity on their news feeds and delete entries related
to the links described, and if necessary, remove any of the identified "likejacking "pages from the "Likes and interests"
section.
Cluley says that the attackers' rationale for the "likejacking" exploit is "likely to boil down to money. Although we haven't
seen any clear revenue motive in this latest attack, it's possible this was a proof-of-concept by the bad guys to see how
effective such a scheme could be."
Facebook users have been hit by several types of attacks recently, including the so-called "sexy Candid Camera" attack.
Named Works: Facebook (Website)
Source Citation
Messmer, Ellen. "'Likejacking' exploit fools Facebook users and friends; Security firm Sophos identifies latest attempt to manipulate Facebook crowd." Network World (2010). Computer Database. Web. 18 June 2010.
Document URL
http://find.galegroup.com/gtx/infomark.do?&contentSet=IAC-Documents&type=retrieve&tabID=T003&prodId=CDB&docId=A228238075&source=gale&srcprod=CDB&userGroupName=broward29&version=1.0
Gale Document Number:A228238075
No comments:
Post a Comment