Facebook users have been making a lot of use of the new 'like' feature, which allows users to link to webpages that they, well, like, funnily enough. It is not so funny when Facebook users are claiming to like a site called "101 Hottest Women in the World", which features an image of Jessica Alba. But don't be seduced...

Not that I've got anything against the Hollywood actress and sex symbol, but I do have a dislike for clickjacking (or Likejacking if you prefer) and that's what is happening here. According to security experts at Sophos, as soon as anyone who is logged into Facebook clicks the like link and arrives at the destination, a single click anywhere on the page will update that user's Facebook profile without permission. The update adds another 'like' recommendation, and so virally spreads the attack to an ever broader audience of unsuspecting fans of hot women.

It accomplishes this by using an invisible button (a hidden iframe) positioned underneath your mouse pointer, which captures any click and redirects it to the 'like' button. Of course, this is just the latest clickjacking attack in recent weeks. We've already seen similar scams using sites with link titles such as "This man takes a picture of himself EVERYDAY for 8 YEARS" and "This Girl Has An Interesting Way Of Eating A Banana", which are designed to attract the curious users within a social network. The growth in these attacks is starting to get worrying. At the moment it is being exploited in order to make money via page views, but undoubtedly it won't be long until a more malicious payload is unleashed.

The whole 'like' clickjacking concept could even be seen as yet another nail in the coffin of Facebook; it's certainly doing nothing to fill me with confidence about security on the network, that's for sure.


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
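
The hidden-iframe overlay described in the article can be looked for from the defender's side. The following is an added example, not code from the article or from Sophos: a heuristic audit that flags cross-origin frames which are invisible yet still clickable, or which follow the pointer. The descriptor shape, the opacity threshold and the example hosts are assumptions.

```javascript
// Frame descriptor shape is an assumption of this example, e.g. gathered by a
// browser extension from getComputedStyle() and getBoundingClientRect():
// { src, opacity, visibility, display, pointerEvents, width, height, samples: [{ pointerX, pointerY, left, top }] }
const MIN_VISIBLE_OPACITY = 0.1; // assumed threshold below which a user cannot see the frame

function originOf(url, base) {
  try { return new URL(url, base).origin; } catch (e) { return null; }
}

// Only rendered, hit-testable frames get clicks. An opacity:0 frame still
// receives them; a visibility:hidden or pointer-events:none frame does not.
function receivesClicks(f) {
  return f.display !== 'none' && f.visibility !== 'hidden' &&
    f.pointerEvents !== 'none' && f.width > 0 && f.height > 0;
}

// True when the frame moved between samples yet stayed under the pointer each time.
function tracksPointer(f) {
  const s = f.samples || [];
  if (s.length < 2) return false;
  const moved = s.some(p => p.left !== s[0].left || p.top !== s[0].top);
  const under = s.every(p =>
    p.pointerX >= p.left && p.pointerX <= p.left + f.width &&
    p.pointerY >= p.top && p.pointerY <= p.top + f.height);
  return moved && under;
}

function auditFrames(pageUrl, frames) {
  const pageOrigin = originOf(pageUrl), findings = [];
  for (const f of frames) {
    const origin = originOf(f.src, pageUrl); // resolves relative src values
    if (origin === null || origin === pageOrigin || !receivesClicks(f)) continue;
    const reasons = [];
    if (f.opacity < MIN_VISIBLE_OPACITY) reasons.push('invisible-but-clickable');
    if (tracksPointer(f)) reasons.push('follows-pointer');
    if (reasons.length) findings.push({ src: f.src, origin, reasons });
  }
  return findings;
}

// Constructed sample data (hypothetical hosts, not taken from the article).
const shown = { visibility: 'visible', display: 'block', pointerEvents: 'auto', width: 50, height: 25 };
const moving = [{ pointerX: 100, pointerY: 200, left: 90, top: 190 }, { pointerX: 300, pointerY: 120, left: 290, top: 110 }];
const SAMPLE_FRAMES = [
  { ...shown, src: 'https://social.example/plugins/like', opacity: 0, samples: moving },
  { ...shown, src: 'https://social.example/plugins/like', opacity: 1, samples: [] },
  { ...shown, src: '/helper.html', opacity: 0, samples: moving },
  { ...shown, src: 'https://ads.example/pixel', opacity: 0, visibility: 'hidden', samples: moving },
];
console.log(auditFrames('https://blog.example/post', SAMPLE_FRAMES));
```

Only the first sample frame is reported: the visible widget, the same-origin helper and the `visibility: hidden` frame are all skipped, the last because it cannot receive a click at all.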


Thanks for bringing this up. It's sad but true that the whole intention of businesses to join Facebook is to grow - either with the intention of the user or not - their business. This is another example why Facebook may shun additional users.


Thanks for sharing the issue here. I haven't had any idea about that. This is one of the examples of badly using social networking like Facebook!

