Gone are the days of banner hijacks and clipboard hijacks. Now we're ready for the Facebook "like" button hijack. Graham Cluley of Sophos describes the viral clickjacking worm that hits facebook users.
The trick, which uses a clickjacking exploit, means that visiting users are tricked into "liking" a page without necessarily realising they are recommending it to all of their Facebook friends.
Unfortunately, as we're all too aware, messages such as "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.", "This man takes a picture of himself EVERYDAY for 8 YEARS!!", "The Prom Dress That Got This Girl Suspended From School." and "This Girl Has An Interesting Way Of Eating A Banana, Check It Out!" are exactly the kind of content that people will click on on Facebook.
Sophos detects the offending webpages as being infected by Troj/Iframe-ET.
Richard Cohen of SophosLabs , and now PC world reports that Facebook Likejacking Attacks Continue With 'Paramore N-a-k-ed Photo Leaked!', as the trick has been upgraded a little and is now more sophosticated. The Like button hijack doesn't seem to be going away anytime soon.
"What the hackers have actually done is very sneaky. They have hidden an invisible button under your mouse, so wherever you click on the website your mouse-press is hijacked. As a consequence, when you click with the mouse you are also secretly clicking on a button which tells Facebook that you 'like' the webpage. This then gets published on your own Facebook page, and shared with your online friends, resulting in the link spreading virally," Cluley writes. It's technically similar to the earlier likejacking exploits in that it makes use of what's called an iFrame exploit.
Who will be the first to use this trick as some sort of AIDS message ad? "Careful where you point that thing..."