Clickjacking Attack Hits Facebook Users

Sophos : 02 June, 2010  (Technical Article)
Social networking site users have again come under attack, with hackers enticing them to click on links that conceal an invisible button in order to spread a worm.
IT security and data protection firm Sophos is advising Facebook users to be cautious following a widespread clickjacking attack that hit hundreds of thousands of users on the popular networking site over the holiday weekend.

Affected profiles can be identified by having apparently 'liked' links with titles including:

'LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.'
'This man takes a picture of himself EVERYDAY for 8 YEARS!!'
'This Girl Has An Interesting Way Of Eating A Banana, Check It Out!'

Clicking on the links takes Facebook users to a page with a single line of text reading: 'Click here to continue'. Clicking at any point on the page publishes the same message (via an invisible iFrame) to their own Facebook page in an attempt to aid the spread of the worm.

'What the hackers have done is really sneaky. They hide an invisible button - using a hidden iFrame - under your mouse, so wherever you click your mouse-press is hijacked, secretly clicking on a button which tells Facebook that you 'like' the webpage. This then gets published on your own Facebook page, and shared with your online friends, resulting in the link spreading virally,' explained Graham Cluley, senior technology consultant at Sophos. 'Some of the pages ended up with hundreds of thousands of fans as a result. Facebook needs to tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers.'
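
As an added example (not part of the original article or of Sophos's advisory), the following Python code flags iframes that a page renders transparent, which is the 'invisible button' condition described above. It inspects inline `style` attributes only, treats opacity of 0.1 or less as invisible (an assumed threshold), and uses constructed sample markup with hypothetical hosts.

```python
import re
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}  # tags with no end tag

def is_transparent(style):
    """True if an inline style leaves the element invisible but clickable."""
    rules = dict(re.findall(r"([\w-]+)\s*:\s*([^;]+)", (style or "").lower()))
    m = re.match(r"\d*\.?\d+", rules.get("opacity", ""))
    if m and float(m.group()) <= 0.1:
        return True
    # Legacy IE syntax, e.g. filter: alpha(opacity=0)
    m = re.search(r"opacity\s*=\s*(\d+)", rules.get("filter", ""))
    return bool(m) and int(m.group(1)) <= 10

class HiddenFrameFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, subtree_is_transparent) per open element
        self.findings = []  # src of each iframe that renders transparent

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or is_transparent(attrs.get("style"))
        if tag == "iframe" and hidden:
            self.findings.append(attrs.get("src") or "(no src)")
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:  # ignore stray end tags; drop unclosed descendants
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

def find_hidden_iframes(html):
    finder = HiddenFrameFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample markup (hypothetical hosts), not taken from the article.
SAMPLE = """
<div style="position:absolute; opacity: 0">
  <iframe src="https://widget.example/like?page=1"></iframe>
</div>
<iframe src="https://widget.example/like?page=2" style="filter:alpha(opacity=0)"></iframe>
<iframe src="https://video.example/embed/42" style="width:560px"></iframe>
"""
```

Frames hidden with `visibility:hidden` or `display:none` are deliberately not flagged, because they cannot receive a click; opacity inherited from a wrapper element is.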

Facebook users that have been affected should view the recent activity on their news feed and delete entries related to the offending links. In addition, they should view their profile, click on the 'Info' tab and remove any of the offending pages from the 'Likes and interests' section.
   © 2012 ProSecurityZone.com