Viral clickjacking ‘Like’ worm hits Facebook users

Graham Cluley
@gcluley

Hundreds of thousands of Facebook users have fallen for a social-engineering trick which allowed a clickjacking worm to spread quickly over Facebook this holiday weekend.

Affected profiles can be identified by seeing that the Facebook user has apparently “liked” a link:

Messages seen being used by the spammers include:

“LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.”

“This man takes a picture of himself EVERYDAY for 8 YEARS!!”

“The Prom Dress That Got This Girl Suspended From School.”

“This Girl Has An Interesting Way Of Eating A Banana, Check It Out!”

Clicking on the links takes Facebook users to what appears to be a blank page with just the message “Click here to continue”.

However, clicking at any point of the page publishes the same message (via an invisible iFrame) to their own Facebook page, in a similar fashion to the…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.