Facebook users have been making a lot of use of the new 'like' feature, which allows users to link to webpages that they, well, like, funnily enough. Not so funny when Facebook users are claiming to like a site called "101 Hottest Women in the World" which features an image of Jessica Alba. But don't be seduced...
Not that I've got anything against the Hollywood actress and sex symbol, but I do have a dislike for clickjacking (or Likejacking if you prefer) and that's what is happening here. According to security experts at Sophos, as soon as anyone who is logged into Facebook clicks the like link and arrives at the destination, a single click anywhere on the page will update that user's Facebook profile without permission in order to add another 'like' recommendation and so virally spread the attack to an ever broader audience of unsuspecting fans of hot women.
It accomplishes this by placing an invisible button (a hidden iframe) underneath your mouse pointer, which captures any click and redirects it to the 'like' button. Of course, this is just the latest clickjacking attack in recent weeks. We've already seen similar scams using sites with link titles such as "This man takes a picture of himself EVERYDAY for 8 YEARS" and "This Girl Has An Interesting Way Of Eating A Banana", which are designed to attract the curious users within a social network. The growth trend of these attacks is starting to get worrying. At the moment it is being exploited in order to make money via page views, but undoubtedly it won't be long until a more malicious payload is unleashed.
The whole 'like' clickjacking concept could even be seen as yet another nail in the coffin of Facebook; it's certainly doing nothing to fill me with confidence about security on the network, that's for sure.
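For anyone who wants to check a suspicious page for the hidden-iframe trick described above, here is a small static scanner, added as an illustration and not taken from Sophos or from the original article. The hosts, the sample markup and the opacity threshold are all assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

OPACITY_LIMIT = 0.1  # assumed threshold: at or below this a frame is effectively invisible

def parse_style(style):  # inline style string -> {property: value}
    props = {}
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.lower().replace("!important", "").strip()
    return props

class HiddenFrameFinder(HTMLParser):
    """Collects cross-origin iframes that inline CSS makes invisible yet still clickable."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        host = urlparse(attr.get("src") or "").hostname
        if not host or host == self.page_host:
            return  # relative or same-host frames are out of scope for this check
        style = parse_style(attr.get("style") or "")
        try:
            invisible = float(style.get("opacity", "1")) <= OPACITY_LIMIT
        except ValueError:
            invisible = False  # non-numeric opacity: treat as visible
        if invisible:
            overlay = style.get("position") in ("absolute", "fixed")
            self.findings.append({"src": attr["src"], "overlay": overlay})

def find_hidden_frames(html, page_host):
    finder = HiddenFrameFinder(page_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page with placeholder hosts (not markup from a real site).
SAMPLE = """<html><body>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="https://social.example/plugins/like?href=https%3A%2F%2Fpage.example%2F"
        style="opacity: 0; position: absolute; width: 50px; height: 25px"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(find_hidden_frames(SAMPLE, "page.example"))
```

It only reads inline `style` attributes, so frames hidden through a stylesheet or by script need a rendered-DOM check instead.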