Ashlar

Facebook: Be careful what you "like"!


Heaps of this stuff has been spreading around lately... no doubt most of you are aware.

Just be careful, and don't click on stuff that looks dodgy!

 

Thousands of PCs have reportedly been infected with a Trojan delivered through a Facebook exploit, according to a security firm.

 

The clickjacking attack exploits Facebook’s ‘like’ function and spreads using fake status updates.

 

Sophos chief technical officer, Graham Cluley, wrote on his blog that the worm had spread quickly over the social networking site last weekend.

 

“Visiting users are tricked into ‘liking’ a page without necessarily realising they are recommending it to all of their Facebook friends,” Cluley wrote.

 

“If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links. Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your ‘likes and interests’ section.”

 

Users who follow the status update link are taken to a visibly blank page where a further link, once clicked, will deliver the Trojan/iframe-ET via a malicious hidden iFrame.

 

Cluley wrote that the bogus status updates include:

 

"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
"This man takes a picture of himself EVERYDAY for 8 YEARS!!"
"The Prom Dress That Got This Girl Suspended From School."
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"

 

The attack is similar to the Fbhole worm that stung Facebook users in May.

 

Security researcher Narkolayev Shlomi detailed how the clickjacking attack works earlier this year.

 

-A-

[Edit: forgot link]

Edited by Ashlar


Don't see why this was moved away from TGR -- it's more of a public service announcement than specific security discussion. But what evs! :P

 

Thanks for the link, Chancellor.

 

 

-A-


I don't use the Like stuff much, I spend most of my time in Farmville really.


How is this a Trojan?

I was under the impression that a Trojan was a program a user downloaded thinking it was beneficial which essentially then gave access for someone to remotely access or remotely collect data about that user.

 

All this does is, through URL manipulation, like a page for the currently logged in Facebook account.

 

edit: That's not to say it couldn't be exploited in the future but it doesn't seem to be malware, and it doesn't seem to end up downloading anything to the end user.

Edited by superfireydave


How is this a Trojan?

I was under the impression that a Trojan was a program a user downloaded thinking it was beneficial which essentially then gave access for someone to remotely access or remotely collect data about that user.

 

All this does is, through URL manipulation, like a page for the currently logged in Facebook account.

 

edit: That's not to say it couldn't be exploited in the future but it doesn't seem to be malware, and it doesn't seem to end up downloading anything to the end user.

http://www.sophos.com/blogs/gc/g/2010/05/3...-facebook-users

 

http://www.sophos.com/security/analyses/vi...ojiframeet.html

Doesn't actually specify what it does on there though, but they're classifying it as a trojan....

 

Being infected could potentially mean the "liked" page's owner could deliver the payload in some other form. Or since all your friends have automatically "liked" the page, someone has the potential to go clicking on it then following another link off to malicious software on another website.

 

 

-A-

Edited by Ashlar

