Facebook "Clickjacking" Spreads Across Facebook

http://news.bbc.co.uk/2/hi/technology/10224434.stm Page last updated at 9:54 GMT, Thursday, 3 June 2010 10:54 UK E-mail this to a friend Printable version One link claims to be nude pictures of Paramore singer Hayley Williams Hundreds of thousands of Facebook users are falling victim to so-called "clickjacking" attacks, warn web security labs. Facebook members see links to subjects such as "World Cup 2010 in HD" or "Justin Bieber's phone number" that their friends appear to have "liked". Clicking the link tricks users into recommending the site on Facebook too. Security experts say the scam currently has no malicious intent but could be adapted to deliver malware. The link generally takes the user through to a page containing an instruction, such as asking them to click a button to confirm that they are over 18. However, wherever they click on the page it adds a link to their own Facebook profile saying they have also "liked" the site. Currently the purpose of clickjacking is "trivial" and does not actively result in any malware or phishing attacks, said Graham Cluley, senior technology consultant at Sophos. "At the moment the attacks which we've seen are more like old-school viruses - written for the heck of it to see how many fans they can get. "But our feeling is that it would be fairly easy for the bad guys to introduce some revenue generation for themselves," he told BBC News. Clickjacking works across all computer operating systems, added Mr Cluley. The Facebook attack uses iFrames, which essentially places an invisible button over an entire web page, so that wherever the user clicks, they end up hitting the button - in this case a hidden Facebook "like" button. A free plug-in called NoScript, built for the Firefox web browser, includes pop-up warnings about potential clickjacks. However, it will also query clicks on Flash videos, commonly used on many websites - and it is not easy to install, said Mr Cluley. "You have to be a little bit nerdy to configure it." Bookmark with Delicious Digg Facebook reddit StumbleUpon What are these? E-mail this to a friend Ads by Deegle Colon Health: Before you do anything, you must do a Cleansing In order for any supplements to work well, it is necessary that they be absorbed. Fibre Systems Plus is designed to cleanse the kidneys, liver, intestines and blood. Even with just this ten day treatment alone, many begin to feel better right away. Fibre System Plus -  Item # 7180 30 packets/box 21.95   Click here:  http://shaperite.priormy4life.com/ ~ Merv Fingas (Author) "Major oil spills attract the attention of the public and the media..." (more)  Key Phrases: oil from the water surface, saturate group, bioaugmentation agents,  Environment Canada, United States,Oil Spill Response Limited (more...) Appetite Suppressant:  "Diet Magic"  http://www.symmetrydirect.com/HEAVENLYHANDS Fibre Systems Plus is designed to cleanse the kidneys, liver, intestines and blood.  Even with just this ten day treatment alone, many begin to feel better right away.   Item # 7180 30 packets/box 21.95   Click here: http://shaperite.priormy4life.com/