Viral clickjacking Facebook worm spreads

Yet another clickjacking attack has recently been aimed at Facebook users.

If you see messages such as “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.”, “This man takes a picture of himself EVERYDAY for 8 YEARS!!”, “The Prom Dress That Got This Girl Suspended From School.”, and “This Girl Has An Interesting Way Of Eating A Banana, Check It Out!” on a friend’s Facebook page, you can be pretty sure they have clicked on the same message that came up on their friend’s page.

Clicking on any of those links sends the user to a web page that sports – black on white – only one line of text: “Click here to continue”.

A click on any spot of the page (text or not) makes the message be published on your Facebook page. The culprit is a hidden iFrame, which actually makes you “like” a page by the same name as the message:

A curious friend clicks on the link, and the clickjacking worm starts a new cycle.

Graham Cluley recommends to users that have fallen for the scheme to review their news feed and delete the offending messages, then removing the page(s) from their “Likes and interests” section.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss