IT security and data protection firm, Sophos, has advised Facebook users to be cautious following a widespread clickjacking attack that hit hundreds of thousands of users on the popular networking site over the holiday weekend.
According to the company officials, the affected profiles can be identified by having apparently 'liked' links with titles including— '[Facebook user name] likes LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.' 'This man takes a picture of himself EVERYDAY for 8 YEARS!!' 'This Girl Has An Interesting Way Of Eating A Banana, Check It Out!' Clicking on the links takes Facebook users to a page with a single line of text reading, 'Click here to continue'. Clicking at any point on the page publishes the same message (via an invisible iFrame) to their own Facebook page in an attempt to aid the spread of the worm. "What the hackers have done is really sneaky. They hide an invisible button - using a hidden iFrame - under your mouse, so wherever you click your mouse-press is hijacked, secretly clicking on a button which tells Facebook that you 'like' the webpage. This then gets published on your own Facebook page and shared with your online friends, resulting in the link spreading virally," explained Graham Cluley, Senior Technology Consultant at Sophos. "Some of the pages ended up with hundreds of thousands of fans as a result. Facebook needs to tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers." Facebook users that have been affected should view the recent activity on their news feed and delete entries related to the offending links. In addition, they should view their profile, click on the 'Info' tab and remove any of the offending pages from the ‘Likes and interests’ section. Regards Sandeep Thakur On Tue, May 25, 2010 at 7:55 PM, N41K <[email protected]> wrote: > Thank you for that Sandy. > > Also I recommended to uninstall the flash application which is present > in Application option of Facebook. > > Regards, > Srinivas Naik > > On May 25, 2:21 pm, Sandeep Thakur <[email protected]> wrote: > > The first measure probably he could apply was to logout of Facebook > > instead of deleting the posts. Then, Clear Cookies/Cache/history etc > > and Close the browser (To get safe from Browser based attacks). Also, > > Check if any non legitimate application is running in the source > > system where he accessed facebook and close it from task manager (To > > get safe from Malware hidden in the system). > > > > Finally try login again to facebook to delete all such issue related > > posts/entries/etc and see if the issue persists. > > > > Regards > > Sandeep Thakur > > > > On May 24, 7:44 pm, Srinivas Naik <[email protected]> wrote: > > > > > > > > > Hii... > > > > > Today morning my colleague was totally desparate. He started saying > "please > > > help....." > > > > > I am *forced to block my Face book account*. > > > > > The he explained me the story that there was a request from his friend > > > to *watch > > > a Video* > > > > > He trusted the Message and started clicking to watch the video assuming > its > > > awesome!!!!! > > > > > Then he saw that Immediately it opened some akward things and *started > > > distributing messages to girls* in his friends list.. > > > > > then after *Half hour it started to guys*...... and then he went to > each of > > > their friend list and *deleted those posts*... > > > > > EVEN then it was running and *again started posting* the same to > > > everyone....... > > > > > *Utimately he Blocked his FACEBOOK account*..... Now he is waiting for > > > suggestion!!!!!!!!!!!!!!!! > > > > > The attack was this: > > > *Rogue Facebook apps launch 'beach babes' attack* > > > ** > > > ** > > > ***** Please be aware of such things.......* > > > ** > > > ** > > > *Regards,* > > > *Srinivas Naik* > > > > > -- > > > You received this message because you are subscribed to the Google > Groups "nforceit" group. > > > To post to this group, send an email to [email protected]. > > > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > > > For more options, visit this group athttp:// > groups.google.com/group/nforceit?hl=en-GB. > > > > -- > > You received this message because you are subscribed to the Google Groups > "nforceit" group. > > To post to this group, send an email to [email protected]. > > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > > For more options, visit this group athttp:// > groups.google.com/group/nforceit?hl=en-GB. > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/nforceit?hl=en-GB. > > -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
