Facebook users warned about new viral clickjacking worm

Unlike the humorous Clickjacking worm spotted a week ago by F-Secure, Infosecurity notes that this latest worm appears a lot more malevolent, routing Facebook users to what appears to be a blank page saying 'click here to continue.'

When the page link is clicked, reports suggest that users are then infected with a trojan.

Reporting on the weekend mass infection last night, Graham Cluley, senior security consultant with Sophos, said that the attack vector seems similar to the fbhole infection seen earlier in May in that it uses an invisible iFrame attack to achieve an infection.

This latest infection, however, is more subtle, says Cluley, with infected accounts generating a Facebook profile showing that the users has 'liked' a link.

"Messages seen being used by the spammers include: `LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.' `This man takes a picture of himself EVERYDAY for 8 YEARS!!' and `The Prom Dress That Got This Girl Suspended From School'", he noted.

"The trick, which uses a clickjacking exploit, means that visiting users are tricked into `liking' a page without necessarily realising they are recommending it to all of their Facebook friends", said Cluley in his latest security blog posting.

Sophos, he says, has detected the offending webpages as being infected by Troj/Iframe-ET.

"If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links. Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your `likes and interests' section", he said.


What’s Hot on Infosecurity Magazine?