Free tool to combat Facebook security issues
Zscaler released a free security tool that protects against malicious threats, scams and spam propagated on Facebook through a technique called “Likejacking.” Likejacking Prevention is available today as a plug-in for Firefox, Chrome and Safari browsers.
Likejacking is a form of Clickjacking, in which people are surreptitiously tricked into clicking one or more hidden links on a web page.
With Likejacking, attackers exploit the Facebook “Like” button and other widgets – including the newly announced “Listened,” “Watched” and “Read” gestures, the game “Challenge” button, and even the “Dislike” button if implemented – by getting people to click them.
The “Like” buttons are often hidden transparently behind a “Play” or other button, causing you to click without knowing that you just unintentionally “Liked” something; this causes the content to appear in your friends’ News Feeds with a link back to the “Liked” website.
The result, as you can imagine, is that it can spread virally very quickly from network to network, enabling the attacker to spread malicious links, propagate spam and conduct other types of social engineering attacks.
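A page-side check for the hidden-widget pattern described above, as an added example: it is a heuristic written for this article, not the logic of Zscaler's plug-in. The descriptor fields, host list and opacity threshold are assumptions, and the sample data is constructed.

```javascript
// Added example: a heuristic, not the logic of Zscaler's plug-in.
// Descriptor fields (src, opacity, ancestorOpacities, rect) are assumed names for
// values a content script could read via getComputedStyle/getBoundingClientRect.
const WIDGET_HOSTS = ['facebook.com'];   // assumed list of social-widget hosts
const MIN_VISIBLE_OPACITY = 0.1;         // assumed threshold for "invisible"

function isWidgetFrame(src) {
  let url;
  try { url = new URL(src); } catch (e) { return false; } // relative or malformed
  const host = url.hostname.toLowerCase();
  return WIDGET_HOSTS.some((h) => host === h || host.endsWith('.' + h));
}

// Opacity multiplies down the ancestor chain, so a frame with opacity 1 inside
// a transparent wrapper is still invisible to the user.
function effectiveOpacity(frame) {
  return [frame.opacity, ...(frame.ancestorOpacities || [])].reduce((a, b) => a * b, 1);
}

function overlaps(a, b) {
  return a.left < b.right && b.left < a.right && a.top < b.bottom && b.top < a.bottom;
}

// Returns one finding per widget frame that is invisible; it is 'suspect' when it
// also sits over something the user is invited to click, otherwise 'review'.
function findHiddenWidgets(frames, clickTargets) {
  const findings = [];
  for (const frame of frames) {
    if (!isWidgetFrame(frame.src)) continue;
    const opacity = effectiveOpacity(frame);
    if (opacity >= MIN_VISIBLE_OPACITY) continue;   // a visible Like button is normal
    const covers = clickTargets.filter((t) => overlaps(frame.rect, t.rect)).map((t) => t.label);
    findings.push({ src: frame.src, opacity, covers, verdict: covers.length ? 'suspect' : 'review' });
  }
  return findings;
}

// Constructed sample data (not taken from a real page).
const rect = (left, top, w, h) => ({ left, top, right: left + w, bottom: top + h });
const LIKE = 'https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2F';
const SAMPLE_TARGETS = [{ label: 'Play', rect: rect(100, 100, 120, 40) }];
const SAMPLE_FRAMES = [
  { src: LIKE, opacity: 1, rect: rect(400, 500, 90, 20) },                         // visible, normal
  { src: LIKE, opacity: 1, ancestorOpacities: [0], rect: rect(110, 105, 90, 20) }, // hidden over Play
  { src: LIKE, opacity: 0.01, rect: rect(900, 900, 90, 20) },                      // hidden, no overlap
  { src: 'https://facebook.com.example.test/like', opacity: 0, rect: rect(110, 105, 90, 20) }, // look-alike host, not a widget
];
console.log(findHiddenWidgets(SAMPLE_FRAMES, SAMPLE_TARGETS));
```

The host comparison matches on the parsed hostname rather than a substring, which is why the look-alike host in the last sample row is not treated as a Facebook widget.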
According to Michael Sutton, VP of Security Research, “Communication mediums on the Internet have shifted and attackers have quickly adapted. Whereas spam email was once the communication medium of choice for attackers, they now leverage social networks to communicate with victims. Overall, Facebook is a more effective social engineering tool because, when exploited, the communication is coming directly from a trusted source. Unfortunately, browsers remain vulnerable to web-based attacks such as Likejacking, and mobile browsers and traditional security solutions have failed to address this threat.”