Friday, June 18, 2010

Facebook Vs Myspace


Facebook Vs Myspace, originally uploaded by Ben Heine.

ArabicChinese (Simplified)Chinese (Traditional)DeutchEspanolFrenchItalianJapaneseKoreanPortugueseRussian USA, LLC

Hundreds of thousands of Facebook users were hit over the holiday weekend by a trick that spreads a clickjacking worm

once the victim has been fooled into "liking" a page. Once that is done the action installs a Trojan and recommends the page

to the victim's friends.

According to security firm Sophos, which has taken to calling this type of exploit "likejacking," the viral "Like" worm spotted

last weekend was working its way across Facebook with messages that include the following:

"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."

"This man takes a picture of himself EVERYDAY for 8 years!!"

"The Prom Dress That Got This Girl Suspended from School."

"This Girl Has An Interesting Way of Eating a Banana, Check it Out!"

But clicking on these links takes Facebook users to what appears to be a blank page with just the message "Click here to continue,"

according to Sophos, which describes the "likejacking" exploit in a blog post written by Sophos senior technology consultant

Graham Cluley.

Cluley says clicking on any point on the page publishes the same message via an invisible iFrame to their own Facebook page,

and visiting users are tricked into "liking" a page without necessarily realizing they are recommending it to all of their

Facebook friends. Web-based iFrame attacks have become extremely common across the Web over the past few years.

Sophos identifies the Trojan used in this attack as Troj/Iframe-ET.

Cluley says Facebook users would benefit from reviewing their recent activity on their news feeds and delete entries related

to the links described, and if necessary, remove any of the identified "likejacking "pages from the "Likes and interests"


Cluley says that the attackers' rationale for the "likejacking" exploit is "likely to boil down to money. Although we haven't

seen any clear revenue motive in this latest attack, it's possible this was a proof-of-concept by the bad guys to see how

effective such a scheme could be."

Facebook users have been hit by several types of attacks recently, including the so-called "sexy Candid Camera" attack.

Named Works: Facebook (Website)
Source Citation
Messmer, Ellen. "'Likejacking' exploit fools Facebook users and friends; Security firm Sophos identifies latest attempt to manipulate Facebook crowd." Network World (2010). Computer Database. Web. 18 June 2010.
Document URL

Gale Document Number:A228238075

ArabicChinese (Simplified)Chinese (Traditional)DeutchEspanolFrenchItalianJapaneseKoreanPortugueseRussian
Personalized MY M&M'S® CandiesObama on 60 Minutes DVDGreat Prices at (Web-Page)
(Album / Profile) here for the Best Buy Free Shipping OffersShop the Official Coca-Cola Store!

No comments: