Facebook Clickjacking Attacks Continue to Snare Users
So-called likejacking attacks on Facebook, spotted by security company Sophos, are continuing to spread. A new set of lures is popping up, including promises of information about the BP oil spill and the phone number of pop singer Justin Bieber.Attackers have updated a clickjacking attack targeting Facebook users that Sophos has dubbed "likejacking." During Memorial Day weekend, a clickjacking worm roped in hundreds of thousands of Facebook members with messages such as "The Prom Dress That Got This Girl Suspended From School." This time however, the attackers are using a new set of lures, including a promise of naked pictures of rock singer Hayley Williams of the band Paramore and teen pop singer Justin Bieber's phone number.
Clicking on the links takes Facebook users to a third-party site with a message that reads, "Click here to continue if you are 18 years of age or above." Wherever the visitor clicks on the site, the mouse click is hijacked, forcing a click on a button that tells Facebook they "like" the Webpage. This gets published on the person's Facebook page and shared with their friends, spreading the link virally.