Clickjacking Worm Spreads Over Facebook

Date: June 1, 2010

During this holiday weekend, a new clickjacking Worm had been spreading quickly over Facebook. Thousands of social network`s users have been lured by curiously looking messages that seeded the malware.

Facebook users that find the following "liked" links are told to be affected:
"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
"This man takes a picture of himself EVERYDAY for 8 YEARS!!"
"The Prom Dress That Got This Girl Suspended From School."
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"

fbmessage.jpg

Figure 1. Poisoned FB Message

Clicking on the links takes Facebook users to what appears to be a blank page with just a simple text message "Click here to continue". If a user clicks on any spot of the page (text or not), the message is immediately published on his Facebook page.

clickheretocontinue.jpg

Figure 2. Click to Continue Page With Hidden iFrame

An invisible iFrame does the trick, meaning that visiting users are tricked into "liking" a page without necessarily realizing they are recommending it to all of their Facebook friends. A curious friend clicks on the link, and the clickjacking Worm starts a new cycle.

It is advised to view the recent activity on your news feed and erase the entries related to the above links. You should view your profile, click on your Info tab and remove any of the pages from your "Likes and interests" section.

Home Computer Worms Clickjacking Worm Spreads Over Facebook

Leave a Reply

What is 3 + 11 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math.