New Facebook Clickjacking Worm



#1 KarstenHansen

Posted 18 August 2010 - 07:31 AM

New Facebook Clickjacking Worm
Graham blogged about a Facebook clickjacking worm back in May which we dubbed Likejacking — for a number of weeks the threat ran rampant throughout Facebook. Since then, it has calmed down quite a bit and we don't see much likejacking anymore. However, today we came across a new form of clickjacking where, instead of tricking the user into liking something, it tricks them into using the Facebook “Share” feature without requiring the user to acknowledge the fact that they're sharing it.

forum.securitycadets.com

Cheers
KarstenHansen

Edited by KarstenHansen, 18 August 2010 - 01:20 PM.




#2 buddy215


Posted 19 August 2010 - 06:31 AM

By Alison Diana
InformationWeek
August 18, 2010 11:18 AM http://www.informationweek.com/news/securi...ly_2010-08-19_h
.........Those using the Firefox plug-in NoScript receive a warning, cautioning them that NoScript "intercepted a mouse or keyboard interaction with a partially hidden element." At this point, users have the option to keep the element locked, which is recommended, or to disregard NoScript's recommendation and open the link.

However, those Facebook account-holders not running NoScript or not paying attention will find their profile pages sharing content that links them to a malicious domain, said Komili.

"Clicking the link sends you to one of many fan pages all serving the exact same content. It seems a fan page is chosen at random," he said.

Anyone victimized by this scam should select "Remove" to clear the content from their profile and help prevent the further spreading of the social networking disease, said Komili. .................



Facebook Clickjacking Attack Spreading Through Share Button

"Funny T-Shirt Fails" scam costs victims a $5 weekly charge on their cell phone bill, finds Sophos.

By Alison Diana
InformationWeek
August 18, 2010 11:18 AM

Facebook users came under attack from a new clickjacking scam that could result in lost money as well as aggravation, spread by the social networking site's Share button.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
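The NoScript warning quoted in post #2 fires when a click lands on a partially hidden element. As an added example (not part of the thread and not NoScript's code), here is a simplified version of that kind of check run over constructed element descriptors; the descriptor shape, the thresholds and the example origins are assumptions.

```javascript
// Added sketch: the element descriptors, thresholds and origins are assumptions,
// and this is not NoScript's implementation.
const MIN_OPACITY = 0.5; // assumed: below this a frame counts as hidden
const MIN_VISIBLE = 0.5; // assumed: minimum unclipped share of the frame

// Opacity multiplies down the ancestor chain, so a wrapper can hide a frame.
function effectiveOpacity(el) {
  let o = 1;
  for (let n = el; n; n = n.parent) o *= n.opacity ?? 1;
  return o;
}

function intersect(a, b) {
  const left = Math.max(a.left, b.left);
  const top = Math.max(a.top, b.top);
  const right = Math.min(a.left + a.width, b.left + b.width);
  const bottom = Math.min(a.top + a.height, b.top + b.height);
  return { left, top, width: right - left, height: bottom - top };
}

const area = (r) => Math.max(0, r.width) * Math.max(0, r.height);
const shownRect = (e) => (e.clip ? intersect(e.rect, e.clip) : e.rect);
const hit = (r, x, y) =>
  x >= r.left && x < r.left + r.width && y >= r.top && y < r.top + r.height;

// Returns why a click at (x, y) should be held for confirmation, or null.
function inspectClick(elements, pageOrigin, x, y) {
  const target = elements
    .filter((e) => hit(shownRect(e), x, y))
    .sort((a, b) => b.zIndex - a.zIndex)[0]; // topmost element receives the click
  if (!target || target.tag !== "iframe" || target.origin === pageOrigin) return null;
  if (effectiveOpacity(target) < MIN_OPACITY) return "transparent cross-origin frame";
  if (area(shownRect(target)) / area(target.rect) < MIN_VISIBLE)
    return "clipped cross-origin frame";
  return null;
}

// Constructed sample: a visible button with a nearly transparent frame on top.
const PAGE = "https://page.example";
const sample = [
  { tag: "button", origin: PAGE, zIndex: 1,
    rect: { left: 100, top: 100, width: 120, height: 40 } },
  { tag: "iframe", origin: "https://social.example", zIndex: 10,
    parent: { opacity: 0.01 }, rect: { left: 90, top: 90, width: 200, height: 80 } },
];
console.log(inspectClick(sample, PAGE, 150, 120));
```

A same-origin frame or a fully visible cross-origin frame returns `null`, so ordinary embedded widgets are not held.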

#3 KarstenHansen


Posted 19 August 2010 - 07:06 AM

Graham blogged about a Facebook clickjacking worm back in May which we dubbed Likejacking; for a number of weeks the threat ran rampant throughout Facebook. Since then, it has calmed down quite a bit and we don't see much likejacking anymore. However, today we came across a new form of clickjacking where, instead of tricking the user into liking something, it tricks them into using the Facebook "Share" feature without requiring the user to acknowledge the fact that they're sharing it.

sophoslabs

Here is some more info with a lot of pictures!

Enjoy
Karsten



