Facebook Users Fall Victim To ‘Likejacking’ Attacks

Attackers have updated a clickjacking attack targeting Facebook users that Sophos has dubbed “likejacking.”

During Memorial Day weekend in the US, a clickjacking worm roped in hundreds of thousands of Facebook members with messages such as “The Prom Dress That Got This Girl Suspended From School.” This time, however, the attackers are using a new set of lures, including a promise of naked pictures of rock singer Hayley Williams of the band Paramore and teen pop singer Justin Bieber’s phone number.

Link spreads virally

Clicking on the links takes Facebook users to a third-party site with a message that reads, “Click here to continue if you are 18 years of age or above.” Wherever the visitor clicks on the site, the mouse click is hijacked, forcing a click on a button that tells Facebook they “like” the webpage. This gets published on the person’s Facebook page and shared with their friends, spreading the link virally.

The attacks using references to Bieber and Williams are only two examples. Others include a link targeting World Cup enthusiasts that prompts the visitor to install what purports to be an “HD Flash TV plugin”; a link for a site claiming to be about the BP oil spill; and another claiming to be about the movie “Shrek Forever After.”

So far, the attackers don’t seem to be doing anything malicious other than disrupting users’ Facebook accounts. However, attackers could always take it a step further, noted Sophos Senior Technology Consultant Graham Cluley.

“The number of attacks appears to be increasing as more people discover just how easy this is to do, and there’s a real danger that things could turn more malicious,” Cluley said.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
