Farmville and Sex and the City 2 used for Facebook clickjacking

PandaLabs reported the proliferation of scams hijacking the Facebook “Like” option. The attack uses eye-catching messages related to the popular game Farmville or the Sex and the City 2 movie to grab the attention of logged-in Facebook users as they browse Web pages with the “Like” button, the Facebook wall feature or messaging system.

Clicking the link brings the user to a Web page containing photos and videos of the relevant topic. A message is then displayed on the user’s Facebook profile indicating that they like the page, with text that the user does not control.

This technique, known as clickjacking, uses a simple application to launch a JavaScript action. Visiting users are tricked into liking a page without necessarily realizing that they are recommending it to all of their Facebook friends. The real business stems from the pay-per-click system, which counts every click and generates revenue for affiliates, and from the tests offered to users on every page, which they must pay to take.

“Cyber-criminals can make money just by tricking you into visiting a Web page with ads”, Luis Corrons says. “Or worse still, they can spread malware and infect you. This possibility has not yet been exploited, but it would be relatively easy and effective to do.”



