Clickjacking Worm Exploits Facebook "Like" Feature
An anonymous reader writes "For the last 24 hours, a series of attacks have exploited Facebook's 'Like' feature through a clickjacking vulnerability. Using subjects such as 'This Girl Has An Interesting Way Of Eating A Banana, Check It Out!' hackers have spread an attack that links to web pages that use invisible iFrames to trick users into saying they like the content. Users are presented with an innocent-seeming web page that says 'Click here to continue,' but clicking at any point on the page publishes the same message to their own Facebook page. Security blogger Graham Cluley says that hundreds of thousands of Facebook users have been hit, and offers advice on how to clean up affected Facebook profiles."
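Added example, not part of the original story or of any comment: the attack described above depends on the target content being allowed to render inside a frame on another site's page. The Python below goes beyond the story to the general server-side check, classifying a response's X-Frame-Options and Content-Security-Policy frame-ancestors headers; the function names and the sample header values are constructed for illustration.

```python
"""Added example: classify a response's anti-framing headers (constructed inputs)."""

def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_policy(headers):
    """Classify a header dict: deny, same-origin, allowlist, conflicting or frameable."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the enforcing CSP header counts; the Report-Only variant blocks nothing.
    sources = _frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # When frame-ancestors is present, supporting browsers ignore X-Frame-Options.
        if not sources or sources == ["'none'"]:
            return "deny"
        if sources == ["'self'"]:
            return "same-origin"
        if "*" in sources or any(s in ("http:", "https:") for s in sources):
            return "frameable"  # wildcard or scheme-only source admits any site
        return "allowlist"
    raw = h.get("x-frame-options", "")
    values = {v.strip().lower() for v in raw.split(",") if v.strip()}
    if len(values) > 1:
        return "conflicting"  # browser handling has varied; treat as a misconfiguration
    if values == {"deny"}:
        return "deny"
    if values == {"sameorigin"}:
        return "same-origin"
    # Header missing, unrecognised, or the obsolete ALLOW-FROM form, which
    # current browsers ignore: nothing stops another site framing the page.
    return "frameable"

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = [
        {},
        {"X-Frame-Options": "DENY"},
        {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        {"X-Frame-Options": "DENY",
         "Content-Security-Policy": "default-src 'self'; frame-ancestors *"},
        {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    ]
    for s in samples:
        print(framing_policy(s), s)
```

Content meant to be embedded on third-party pages, as a "Like" button is, cannot simply deny framing, so this check applies to pages that have no need to be framed.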
Re:NoScript (Score:4, Interesting)
Here's the line from my unbound.conf that solves all Facebook related problems for me:
local-zone: "facebook.com." static
followed by no local-data lines.
I see "address not found" error messages on lots of web pages: Facebook iframes are freaking everywhere. No more.
Re:StoneLion (Score:4, Interesting)
If you click on his name, it shows he's one of those social media guys. "Slight" would be an understatement, and understandably - it's his job.
Plus, Facebook is in the news for its privacy screw-ups. They have less than 3 months left in their deal with the Canadian government to bring their site into compliance with Canadian law (which is what got the whole "Facebook has a privacy problem" thing going 9 months ago, and got other governments to then launch similar probes).
Re:Interesting, but... (Score:2, Interesting)
I figured it was probably malicious, but it was from a friend who's usually on the up-and-up, so I jacked up my security temporarily, and clicked. When I got the big white page with "click to continue," yeah, that's confirmation. Not a single one of those is in any way legit. Ever.
Re:NoScript (Score:3, Interesting)
Reason #1 why I refuse to switch to Chrome.
Re:Advice (Score:4, Interesting)
"P.S: Do we have to remind people that this shit work only on M$ platform?"
iFrame malware isn't *JUST* a Windows issue. Think harder next time.
Re:Link? (Score:3, Interesting)
I know because I tried clicking on it
Reminds me of this bash.org quote. [bash.org]