Attackers have updated a clickjacking attack targeting Facebook users that Sophos has dubbed “likejacking.”
During Memorial Day weekend, a clickjacking worm roped in hundreds of thousands of Facebook members with messages such as “The Prom Dress That Got This Girl Suspended From School.” This time however, the attackers are using a new set of lures, including a promise of naked pictures of rock singer Hayley Williams of the band Paramore and teen pop singer Justin Bieber’s phone number.
Clicking on the links takes Facebook users to a third-party site with a message that reads, “Click here to continue if you are 18 years of age or above.” Wherever the visitor clicks on the site, the mouse click is hijacked, forcing a click on a button that tells Facebook they “like” the Webpage. This gets published on the person’s Facebook page and shared with their friends, spreading the link virally.
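The hijacked click described above only works when the page carrying the "like" button can be loaded inside a frame on the attacker's site; the standard countermeasures are the X-Frame-Options header and the CSP frame-ancestors directive, neither of which the article discusses. The following is an added example, not code from the article or from Sophos, that audits a set of HTTP response headers from a defender's side and reports which pages a third-party site could still frame. It assumes headers are supplied as an object keyed by lowercase header name; every header value in it is a constructed sample.

```javascript
// Added example (not from the article or Sophos): classify whether an HTTP
// response's headers let the page be embedded in a third-party frame, which is
// the precondition for the overlay-and-hijacked-click technique described above.
// All header values below are constructed samples, not captured from any site.

// Extract the source list of a CSP frame-ancestors directive, or null if the
// header is absent or carries no such directive.
function parseFrameAncestors(cspHeader) {
  if (!cspHeader) return null;
  for (const directive of cspHeader.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.replace(/^'|'$/g, '').toLowerCase());
    }
  }
  return null;
}

// headers: object keyed by lowercase header name.
// Returns 'blocked', 'same-origin', 'restricted' (explicit allow-list) or
// 'open' (any origin may frame the page).
function framingPolicy(headers) {
  const ancestors = parseFrameAncestors(headers['content-security-policy']);
  if (ancestors !== null) {
    // A frame-ancestors directive takes precedence over X-Frame-Options in
    // browsers that implement it, so it is evaluated first.
    if (ancestors.length === 0) return 'blocked'; // empty source list matches nothing
    if (ancestors.length === 1 && ancestors[0] === 'none') return 'blocked';
    if (ancestors.includes('*')) return 'open';
    if (ancestors.every((a) => a === 'self')) return 'same-origin';
    return 'restricted';
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // ALLOW-FROM is deprecated and ignored by current browsers; treat it as no
  // protection so the audit errs on the side of flagging the page.
  return 'open';
}

// Constructed sample responses for a small audit run.
const SAMPLE_RESPONSES = {
  'no-headers': {},
  'xfo-deny': { 'x-frame-options': 'DENY' },
  'xfo-sameorigin': { 'x-frame-options': 'SAMEORIGIN' },
  'csp-none': { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  'csp-allowlist': { 'content-security-policy': "frame-ancestors 'self' https://partner.example" },
  // CSP wins over the conflicting X-Frame-Options value here, so this stays open.
  'csp-wildcard': { 'content-security-policy': 'frame-ancestors *', 'x-frame-options': 'DENY' },
};

// Return the names of responses that a third-party page could frame.
function frameableResponses(samples) {
  return Object.keys(samples).filter((name) => framingPolicy(samples[name]) === 'open');
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, headers] of Object.entries(SAMPLE_RESPONSES)) {
    console.log(`${name}: ${framingPolicy(headers)}`);
  }
  console.log('frameable by third parties:', frameableResponses(SAMPLE_RESPONSES).join(', '));
}
```

Running it lists every sample with its verdict and then the two that remain frameable: the response with no protective headers at all, and the one whose CSP wildcard overrides a DENY in X-Frame-Options. The same check can be pointed at a site's real response headers to find pages whose "like" or "share" controls could be covered by an invisible frame.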
The attacks using references to Bieber and Williams are only two examples. Others include a link targeting World Cup enthusiasts that prompts the visitor to install what purports to be an “HD Flash TV plugin”; a link for a site claiming to be about the BP oil spill; and another claiming to be about the movie “Shrek Forever After.”
So far, the attackers don’t seem to be doing anything malicious other than disrupting users’ Facebook accounts. However, attackers could always take it a step further, noted Sophos Senior Technology Consultant Graham Cluley.
“The number of attacks appears to be increasing as more people discover just how easy this is to do, and there’s a real danger that things could turn more malicious,” Cluley said.