Slashdot Mirror


Clickjacking Worm Exploits Facebook "Like" Feature

An anonymous reader writes "For the last 24 hours, a series of attacks have exploited Facebook's 'Like' feature through a clickjacking vulnerability. Using subjects such as 'This Girl Has An Interesting Way Of Eating A Banana, Check It Out!' hackers have spread an attack that links to web pages that use invisible iFrames to trick users into saying they like the content. Users are presented with an innocent-seeming web page that says 'Click here to continue,' but clicking at any point on the page publishes the same message to their own Facebook page. Security blogger Graham Cluley says that hundreds of thousands of Facebook users have been hit, and offers advice on how to clean up affected Facebook profiles."

11 of 124 comments

  1. NoScript by SlashDPC · Score: 4, Informative

    Thank you NoScript for stopping this for me. I knew it looked "phishy."

    1. Re:NoScript by bwcbwc · Score: 4, Informative

      Better yet, use NoScript's ABE facility to block any non-Facebook web page from loading a Facebook page or API. From http://noscript.net/abe/ :

      # This one allows Facebook scripts and objects to be included only
      # from Facebook pages
      Site .facebook.com .fbcdn.net
      Accept from .facebook.com .fbcdn.net
      Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

      --
      We are the 198 proof..
    2. Re:NoScript by smcn · Score: 2, Informative

      A similar technique for Privoxy users can be found here: http://bmearns.net/wwk/view/Privoxy

      By default it only stops cookies. At the bottom of the page it is explained how to block all Facebook access from third party sites.

  2. Re:I was afraid to click the link... by Flea+of+Pain · Score: 3, Informative

    Flea of Pain likes this.

    --
    Do not argue with an idiot. He will drag you down to his level and beat you with experience.
  3. Re:caterpillar by maxume · Score: 2, Informative

    If it helps, those are often called inchworms.

    --
    Nerd rage is the funniest rage.
  4. Re:Link? by DeadPixels · Score: 3, Informative

    Warning: This is a clickjacking attempt, obviously, so copy/paste the URL only if you want to see it for yourself. NoScript blocks it for me.

    http://www.mprosperstats.info/bananalike/index.htm?ref=search&sid=dpf-GrMT3GTEEuQTlotyMg.3788977952..1

  5. Fix is right here by vlm · Score: 3, Informative

    and offers advice on how to clean up affected Facebook profiles.

    No problemo, just click right here:

    http://www.facebook.com/group.php?gid=16929680703

    The title is "How to permanently delete your facebook account." Or, is it?

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  6. Re:8===D O: == Muhammad by DeadPixels · Score: 4, Informative

    The real problem isn't so much an exploit as it is that Facebook's platform for cross-site publishing is basically broken. They allow any site to act as the user with no confirmation other than a click, which as we've seen is easy to get via an invisible iFrame that follows the mouse. Aside from revamping the way they handle "Likes" and other such things on other sites, there's not much they can do to "fix" it.

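    The summary and the comment above both rest on one mechanism: the attacker's page frames a Facebook control inside an invisible iframe, so the victim's "click anywhere" lands on the real Like button. The following is an added example for this thread (not Facebook's code, and not posted by anyone in the discussion). It models how a browser applies the two server-side anti-framing controls, X-Frame-Options (which browsers were shipping around the time of this thread) and the later CSP frame-ancestors directive, and runs that model over the page types involved: a user's own profile page, and the embeddable Like widget. The hostnames social.example, attacker.example and partner.example, the URL paths, and the response headers are all constructed for the demonstration; host-source matching is simplified (ports and paths are not modelled).

```javascript
// Added example (not from the thread or from Facebook): a model of the browser's
// X-Frame-Options and CSP frame-ancestors checks, applied to constructed pages.
// Hostnames social.example / attacker.example / partner.example are hypothetical.

// Reduce a URL to the parts the framing checks compare on.
function parseOrigin(url) {
  const u = new URL(url);
  return { scheme: u.protocol.slice(0, -1), host: u.hostname, origin: u.origin };
}

// Host-source matching: '*.example.com' covers subdomains only, not example.com itself.
function hostMatches(pattern, host) {
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1);
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

// One frame-ancestors source expression against one ancestor origin.
// Simplification (assumption): ports and paths in host-sources are not modelled.
function sourceMatches(source, page, ancestor) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return ancestor.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestor.scheme === s.slice(0, -1); // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/.exec(s);                   // [scheme://]host
  if (!m) return false;
  const [, scheme, hostPattern] = m;
  if (scheme && scheme !== ancestor.scheme) return false;
  return hostMatches(hostPattern, ancestor.host);
}

// Would a browser let pageUrl, served with responseHeaders, be embedded by ancestorUrl?
function canBeFramed(responseHeaders, pageUrl, ancestorUrl) {
  const headers = {};
  for (const [k, v] of Object.entries(responseHeaders)) headers[k.toLowerCase()] = v;
  const page = parseOrigin(pageUrl);
  const ancestor = parseOrigin(ancestorUrl);

  // A frame-ancestors directive, when present, takes precedence over X-Frame-Options.
  const csp = headers['content-security-policy'] || '';
  const directive = csp.split(';').map(d => d.trim()).find(d => /^frame-ancestors\b/i.test(d));
  if (directive) {
    const sources = directive.split(/\s+/).slice(1);
    return sources.some(src => sourceMatches(src, page, ancestor));
  }

  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return ancestor.origin === page.origin;
  if (xfo.startsWith('ALLOW-FROM')) {
    // Only some browsers honoured ALLOW-FROM; the others ignored the header entirely.
    const allowed = xfo.slice('ALLOW-FROM'.length).trim().toLowerCase();
    return allowed !== '' && parseOrigin(allowed).origin === ancestor.origin;
  }
  return true; // no recognised restriction: any page may frame it
}

// The page types from the thread, with constructed headers (hypothetical hosts).
const ATTACKER = 'http://attacker.example/bananalike/index.htm';
const SITE = 'https://social.example';

function demo() {
  return {
    // A user's own profile page can refuse foreign framing outright.
    profileFromAttacker: canBeFramed({ 'X-Frame-Options': 'SAMEORIGIN' }, `${SITE}/profile`, ATTACKER),
    profileFromSelf: canBeFramed({ 'X-Frame-Options': 'SAMEORIGIN' }, `${SITE}/profile`, `${SITE}/home`),
    // The Like widget exists to be embedded by arbitrary third-party sites, so it ships
    // without such a header, and the attacker's invisible iframe is allowed in.
    widgetFromAttacker: canBeFramed({}, `${SITE}/widget/like?href=x`, ATTACKER),
    // An allow-list is the only header-level middle ground, and it only works when the
    // set of legitimate embedders is known in advance.
    widgetAllowListPartner: canBeFramed(
      { 'Content-Security-Policy': "frame-ancestors 'self' https://*.partner.example", 'X-Frame-Options': 'DENY' },
      `${SITE}/widget/like?href=x`, 'https://news.partner.example/story'),
    widgetAllowListAttacker: canBeFramed(
      { 'Content-Security-Policy': "frame-ancestors 'self' https://*.partner.example", 'X-Frame-Options': 'DENY' },
      `${SITE}/widget/like?href=x`, ATTACKER),
  };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
if (typeof module !== 'undefined') module.exports = { canBeFramed, demo };
```

    The widgetFromAttacker line is the comment's diagnosis in code: a control that must be embeddable by any site cannot be protected by a framing header, so the only server-side fixes are an embedder allow-list (which the Like button's design rules out) or a confirmation step after the click. That is also why the working advice in this thread is client-side: the NoScript ABE rule and the Privoxy configuration above stop the attacker's page from loading the Facebook frame in the first place.
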
  7. Yep, saw it last night. by dasunst3r · Score: 3, Informative

    Out of curiosity, I opened the link in a separate browser without my Facebook login. It would then try to do a "security check" in which you have to answer a survey to prove that you're human. Being the smart Slashdotters we are, we know Captchas are how it's done. The main take-away: (1) Hover, look, and think before you click and (2) If the link goes outside Facebook, it is SPAM and should be reported.

  8. Re:Link? by Dogtanian · Score: 2, Informative

    Reminds me of this bash.org quote.

    That's a great quote, so I kind of feel like a bastard for spoiling it, but... P2P programs generally recognise identical files by their hash value; so if the guy simply renamed some files that were already out there under their original name, they'd have used his copy for certain parts, even if people didn't search under it for that name.

    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  9. Re:Link? by Anonymous Coward · Score: 2, Informative

    Probably NSFW depending on how uptight your boss is:
    http://www.youtube.com/watch?v=It7cHFyms0Q