Facebook "clickjacking" spreads across site
Hundreds of thousands of Facebook users are falling victim to so-called "clickjacking" attacks, warn web security labs.
Facebook members see links to subjects such as "World Cup 2010 in HD" or "Justin Bieber's phone number" that their friends appear to have "liked".
Clicking the link tricks users into recommending the site on Facebook too.
Security experts say the scam currently has no malicious intent but could be adapted to deliver malware.
The link generally takes the user through to a page containing an instruction, such as asking them to click a button to confirm that they are over 18.
However, wherever they click on the page it adds a link to their own Facebook profile saying they have also "liked" the site.
Currently the purpose of clickjacking is "trivial" and does not actively result in any malware or phishing attacks, said Graham Cluley, senior technology consultant at Sophos.
"At the moment the attacks which we've seen are more like old-school viruses - written for the heck of it to see how many fans they can get.
"But our feeling is that it would be fairly easy for the bad guys to introduce some revenue generation for themselves," he told BBC News.
Clickjacking works across all computer operating systems, added Mr Cluley.
The Facebook attack uses iFrames, which essentially places an invisible button over an entire web page, so that wherever the user clicks, they end up hitting the button - in this case a hidden Facebook "like" button.
A free plug-in called NoScript, built for the Firefox web browser, includes pop-up warnings about potential clickjacks.
However, it will also query clicks on Flash videos, commonly used on many websites - and it is not easy to install, said Mr Cluley.
"You have to be a little bit nerdy to configure it."
drmana...why you left the sentence incomplete????....BTW those type of relatioships are gaining ground. A very much in thing....:)
So we should start addressing QL and FB as he now and all the males here in love with QL as ... :-P
actually i dumped my boyfriend after FB.. :P
and lost interest in boyfriend since QL.. :(
Really? For me, FB and QL take a back seat to Ben & Jerry, the only reliable men in my life. :oD
hell with FB.
ignore my inbox, the newsfeed, friend requests, suggestions..
still FB remains my first bestfriend.. no one or nothing can change our friendship.
lol happy :-))
drmana....did I say anything otherwise...presuming that you are a female and a straight one too... since you said I love FB...generally FB should be male, isnt it...:) But now you make QL also a male...:) BTW are these some user ID's...:)
Happy, FB is my first love, QL comes second....No idea about their gender though :-P
Does that mean FB is a male....:)
Now that is presuming you are straight types...:)
lol...:)
Take your hatred for FB out of this thread, I love FB :-)
You pervert , it does not suck like that :-P
How does FB 'suck'?...:)
FB sucks. Period.
I never click on those links.
hmmmm.....don't know how people manage to interact on so many sites.
Had many such notifications.....didn't click any of them yet. They are so obvious as pranks :-)
hmmmmmmmmmm no comments so far!