Porn plus Facebook can lead to embarrassment, perhaps worse
- 26 November, 2009 01:46
A click-jacking attack, spread by luring Facebook users with a link to a porn site, has the potential to do more damage than just embarrassing those who fall for it.
When users clicked on a link posted to a friend's Facebook wall, their Firefox browsers were tricked into updating the victims' own Facebook settings so the same link is posted on their wall, a Facebook spokesman says.
Facebook has responded by blocking the URL associated with the porn site and is taking down the links on affected users' walls. "Overall, an extremely small percentage of users were affected," a Facebook spokesman said via e-mail. "As always, we’re asking people not to click on suspicious links, even if they've been sent or posted by friends." (see the Facebook security page.)
Duped users wind up with a photo on their wall of a woman wearing a thong. If they click on the photo, they are directed to a site where, if they click on a button marked "click this button," the Facebook worm does its work, says Roger Thompson, the chief security researcher at security software vendor AVG, who blogged about the problem and posted a demonstration of how it worked.
The exploit didn't work with Internet Explorer, Thompson says.
Embarrassment and possible chastisement seemed to be the downside of falling victim. "[The photo link] advertises to all your friends that you went there, so it could get you in trouble with your spouse, family member or your employer if you're doing it at work," Thompson says.
But the mechanism could just as easily be used to steal passwords cached in browsers or inject other worms into them, he says. "It seems an awfully good hack just to direct people to an adult Web site for very small gain," he says. "How do they profit from that?"
Facebook and its infrastructure didn't seem to be at fault, Thompson says. They were interacting with what seemed to be a legitimate user who has logged in properly.
The Facebook spokesman says the site is hit by phishing and malware attacks daily and has automated systems that detect and flag Facebook accounts that are likely to be compromised. "We also delete malicious links and block them from being shared, and we work with third parties to get phishing and malware sites added to browser blacklists or taken down completely," he says.
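The attack above works because a third-party page can load the victim's logged-in Facebook page in a hidden frame and trick a click onto it. A site defends against that by refusing to be framed, which it signals in HTTP response headers. The following is an added example, not code from the article, Facebook or AVG: a small audit function that reads a response's headers and reports whether any origin could still frame the page. The header sets at the bottom are constructed sample data.

```javascript
// Parse a Content-Security-Policy value ("dir v v; dir v ...") into
// a map of lower-cased directive name -> list of source tokens.
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

// Decide whether a page with these headers (keys lower-cased) can be put
// in a frame by an arbitrary origin. CSP frame-ancestors, when present,
// takes precedence over X-Frame-Options, so it is checked first.
function assessFraming(headers) {
  const csp = headers['content-security-policy'];
  if (csp) {
    const ancestors = parseCsp(csp)['frame-ancestors'];
    if (ancestors && ancestors.length > 0) {
      const lowered = ancestors.map((t) => t.toLowerCase());
      if (lowered.length === 1 && lowered[0] === "'none'") {
        return { framable: false, reason: "CSP frame-ancestors 'none'" };
      }
      // '*' or a bare scheme such as https: lets any site on that scheme frame us.
      const open = lowered.some((t) => t === '*' || /^https?:$/.test(t));
      return open
        ? { framable: true, reason: 'CSP frame-ancestors allows any origin' }
        : { framable: false, reason: 'CSP frame-ancestors limited to ' + ancestors.join(' ') };
    }
  }
  const xfo = headers['x-frame-options'];
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY' || v === 'SAMEORIGIN') {
      return { framable: false, reason: 'X-Frame-Options ' + v };
    }
    // ALLOW-FROM and other values are obsolete or unsupported; treat as no protection.
    return { framable: true, reason: 'X-Frame-Options value not enforced: ' + xfo };
  }
  return { framable: true, reason: 'no X-Frame-Options or CSP frame-ancestors header' };
}

// Constructed sample responses (not captured from any real site).
const SAMPLE_RESPONSES = {
  unprotected: { 'content-type': 'text/html' },
  xfoOnly: { 'x-frame-options': 'SAMEORIGIN' },
  cspNone: { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  cspOpen: { 'x-frame-options': 'DENY', 'content-security-policy': 'frame-ancestors *' },
};
```

Run assessFraming over each entry of SAMPLE_RESPONSES: only xfoOnly and cspNone come back with framable false, and cspOpen shows that an open CSP frame-ancestors overrides an otherwise strict X-Frame-Options.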