Quick Hits

Facebook Users Subjected To 'Likejacking' Exploit

iFrame hidden in 'liked' links is a new twist on clickjacking, researchers say
Facebook was hit over Memorial Day weekend with a new form of clickjacking designed to inflate the popularity of certain URLs.

According to a blog by Sophos researcher Graham Cluley and confirmed by other researchers, the bug is the third new exploit to hit the social networking site in the past three weekends.

"Affected profiles can be identified by seeing that the Facebook user has apparently 'liked' a link," Cluley says. "Clicking on the links takes Facebook users to what appears to be a blank page with just the message, 'Click here to continue.'

"However, clicking at any point of the page publishes the same message [via an invisible iFrame] to their own Facebook page, in a similar fashion to the 'Fbhole' worm we saw earlier this month. The trick, which uses a clickjacking exploit, means that visiting users are tricked into 'liking' a page without necessarily realizing they are recommending it to all of their Facebook friends."
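The invisible-iframe trick Cluley describes only works if the target page can be loaded inside a frame on a third-party site. As an added defender-side example (not code from this story, from Sophos or from Facebook), the following Python evaluates a response's headers the way a browser would and reports whether a given embedder origin could frame the page. The page origin, embedder origins and header values are constructed for the example; the logic follows the X-Frame-Options and CSP frame-ancestors rules, with CSP taking precedence when both are present.

```python
"""Added example: decide whether a response's headers permit framing of the page
by another origin, the precondition for the clickjacking/likejacking technique
described in the story. All origins and headers below are constructed."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _split_origin(origin):
    """Normalise an origin string into a (scheme, host, port) tuple."""
    p = urlsplit(origin.lower())
    return p.scheme, p.hostname or "", p.port or DEFAULT_PORTS.get(p.scheme)


def _source_matches(source, origin):
    """Match one unquoted CSP source expression (*, https:, https://*.x.example,
    host:port) against an embedder origin. Paths are ignored for frame-ancestors."""
    src = source.lower()
    scheme, host, port = _split_origin(origin)
    if src == "*":
        return True
    if src.endswith(":") and "//" not in src:        # scheme-source such as "https:"
        return src[:-1] == scheme
    src_scheme, _, rest = src.partition("://")
    if not rest:                                      # bare host-source, no scheme given
        src_scheme, rest = "", src_scheme
    if src_scheme and src_scheme != scheme:
        return False
    rest = rest.split("/", 1)[0]
    src_host, _, src_port = rest.partition(":")
    if src_port and src_port != "*" and int(src_port) != port:
        return False
    if src_host.startswith("*."):                     # wildcard never matches the bare domain
        return host.endswith(src_host[1:])
    return src_host == host


def _frame_ancestors(csp_values):
    """Return the source list of the first frame-ancestors directive in each policy
    that has one; policies without the directive impose no framing restriction."""
    lists = []
    for policy in csp_values:
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                lists.append(tokens[1:])
                break
    return lists


def _policy_allows(sources, page_origin, embedder_origin):
    """An empty list or 'none' denies; 'self' and host sources allow on a match."""
    for s in sources:
        tok = s.lower()
        if tok == "'none'":
            return False
        if tok == "'self'":
            if _split_origin(page_origin) == _split_origin(embedder_origin):
                return True
        elif _source_matches(tok, embedder_origin):
            return True
    return False


def framing_allowed(headers, page_origin, embedder_origin):
    """headers is a list of (name, value) pairs as received. Returns True when a
    browser honouring these headers would render page_origin inside a frame
    hosted on embedder_origin."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = {v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"}
    policies = _frame_ancestors(csp)
    if policies:                                      # CSP wins over X-Frame-Options
        return all(_policy_allows(p, page_origin, embedder_origin) for p in policies)
    if xfo:
        if len(xfo) > 1:                              # conflicting values are treated as DENY
            return False
        value = xfo.pop()
        if value == "DENY":
            return False
        if value == "SAMEORIGIN":
            return _split_origin(page_origin) == _split_origin(embedder_origin)
        return True      # ALLOW-FROM (obsolete) and unknown values give no protection
    return True          # no framing headers at all: any site may frame the page


# Constructed responses a social site might return for a page with a "like" button.
SAMPLE_RESPONSES = {
    "unprotected": [("Content-Type", "text/html")],
    "xfo_sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "csp_self_and_partner": [("Content-Security-Policy",
                              "default-src 'self'; frame-ancestors 'self' https://*.partner.example")],
}


def audit(responses, page_origin, embedder_origin):
    """Return {name: 'frameable' | 'protected'} for each response against one embedder."""
    return {name: ("frameable" if framing_allowed(h, page_origin, embedder_origin) else "protected")
            for name, h in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES, "https://social.example",
                               "https://third-party.example").items():
        print(f"{name:22} {verdict}")
```

Run it and the `unprotected` response is the only one reported as frameable from an unrelated origin; a page with a `SAMEORIGIN` or `frame-ancestors 'self'` policy cannot be overlaid with an invisible iframe on another site, which is what removes the "click anywhere to like" trick. Note that `Content-Security-Policy-Report-Only` is deliberately ignored, since it reports but does not block.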

Sophos reports that it detects the offending Web pages as infected with Troj/Iframe-ET.

"If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links," Cluley advises. "Furthermore, you should view your profile, click on your Info tab, and remove any of the pages from your 'Likes and interests' section."
