Facebook “101 hottest women” clickjacking attack

Another clickjacking attack taking advantage of the “Like” button option has targeted Facebook users. The lure is very simple – follow the link to see the 101 hottest women in the world.

According to Sophos, a click on the link takes you to a webpage with an image of Jessica Alba and a “Click here to continue…” link. Whether you follow it or click anywhere else on the page, your Facebook page will show you “liking” the page and probably lure your friends to click on it.

To mask its true nature, the page will also redirect you to a page featuring pictures of female celebrities on Maxim’s website.

Well, at least, it used to be so. Facebook has been alerted and has blocked access to it.

This is the latest in the series of clickjacking attacks that have targeted Facebook users recently. The attackers take advantage of the users’ curiosity by luring them with funny pictures and videos, and achieve their goal: the visitors create revenue for the owner(s) of the site, since it is part of an advertising network.

As always, users are advised to delete the posting from their news feed and delete the offending item from their “Likes and Interests” section. But the question remains: what is Facebook going to do to protect its users from the increasing number of clickjacking attacks?
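
The click-anywhere behaviour described above is what a page produces when it frames the Like widget invisibly over its own content. As an added example (not from Sophos or the original article), this Python scanner flags that markup in a saved page; the `plugins/like.php` widget URL, the inline-style opacity heuristic and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: the Like widget is framed from this endpoint.
LIKE_SRC = re.compile(r"facebook\.com/plugins/like\.php", re.I)
# CSS "opacity: 0.0" (scale 0-1) or legacy IE "alpha(opacity=0)" (scale 0-100).
OPACITY = re.compile(r"opacity\s*([:=])\s*([0-9]*\.?[0-9]+)", re.I)
VOID = {"img", "br", "hr", "input", "meta", "link", "embed", "source", "wbr"}

def is_invisible(style):
    """True if an inline style makes the element (almost) fully transparent."""
    return any(float(v) / (100 if sep == "=" else 1) <= 0.05
               for sep, v in OPACITY.findall(style or ""))

class LikejackScanner(HTMLParser):
    """Flags Like iframes made transparent directly or by an ancestor (inline styles only)."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hidden) for every open element
        self.findings = []  # src of each invisible Like iframe

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else False
        hidden = inherited or is_invisible(attrs.get("style"))
        if tag == "iframe" and hidden and LIKE_SRC.search(attrs.get("src") or ""):
            self.findings.append(attrs["src"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unbalanced markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html):
    scanner = LikejackScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample pages (not the real lure page).
LURE_PAGE = """<img src="photo.jpg"><a href="#">Click here to continue</a>
<div style="opacity:0.0; filter:alpha(opacity=0)"><iframe
 src="http://www.facebook.com/plugins/like.php?href=http://lure.example/"></iframe></div>"""
BENIGN_PAGE = """<p>Article</p><iframe style="border:none; width:450px"
 src="http://www.facebook.com/plugins/like.php?href=http://blog.example/"></iframe>"""
```

`scan(LURE_PAGE)` returns the framed widget URL, while the visibly embedded button in `BENIGN_PAGE` is not reported.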



