Slashdot Mirror

← Back to Stories (view on slashdot.org)

Clickjacking Worm Exploits Facebook "Like" Feature

Posted by StoneLion on from the it's-no-robert-morris dept.

An anonymous reader writes "For the last 24 hours, a series of attacks have exploited Facebook's 'Like' feature through a clickjacking vulnerability. Using subjects such as 'This Girl Has An Interesting Way Of Eating A Banana, Check It Out!' hackers have spread an attack that links to web pages that use invisible iFrames to trick users into saying they like the content. Users are presented with a innocent-seeming web page that says 'Click here to continue,' but clicking at any point on the page publishes the same message to their own Facebook page. Security blogger Graham Cluley says that hundreds of thousands of Facebook users have been hit, and offers advice on how to clean up affected Facebook profiles.

1 of 124 comments (clear)

  1. Re:NoScript by Anonymous Coward · · Score: 4, Interesting

    Here's the line from my unbound.conf that solves all Facebook related problems for me:
    local-zone: "facebook.com." static
    followed by no local-data lines.
    I see "address not found" error messages on lots of web pages: Facebook iframes are freaking everywhere. No more.