Facebook Contends With Latest 'Likejacking' Scam
The latest clickjacking scheme on Facebook managed to trick hundreds of thousands of users into "liking" and posting malicious links on their personal pages.
Malware engineers are preying on Facebook members again this week, tricking fans of the world's largest social networking site into clicking on malicious links that hijack their browser and spread even more malware to their friends.
Clickjacking is a technique by which hackers spread malware and redirect traffic to nefarious sites by using iFrames hidden under what appear to be innocuous links. Variations on the scheme have plagued Facebook, Twitter and other social networking sites for years.
This latest scam, dubbed "Likejacking" by Richard Cohen, a researcher at security software vendor Sophos, lures people into clicking on links and messages such as, "This man takes pictures of himself EVERYDAY for 8 YEARS!!" and "The Prom Dress That Got This Girl Suspended From School."
SophosLabs officials said that hundreds of thousands of users have already fallen prey to the scam, which routes them to malware-laden Web sites infected by the Troj/Iframe-ET worm, a variant of the Fbhole worm that made its way around Facebook last month.
"When you 'click here to continue,' you're in fact clicking an invisible link, which marks the Web site as one that you 'like' in Facebook," Cohen wrote in a blog posting. "This of course posts a message to your newsfeed, your friends see it and click on it, and so it spreads."
Such social engineering tactics have become common among malware authors targeting Facebook users. Come-ons in the past have included bogus warnings that Facebook users' passwords and login information have been reset, as well as links to what purports to be scantily dressed beach babe videos -- both of which hackers have used to extract users' personal information and spread spam and other malware.
"Unfortunately, as we're all too aware, [these] messages ... are exactly the kind of content that people will click on on Facebook," Sophos officials said.