Clickjackers still Chasing Facebook
August 21, 2012
By Roger Thompson

A friend recently asked me to check whether a particular link was malicious, so I fired up my trusty sacrificial goat PC, and clicked the link in question.

I was taken to this page that on the surface looks a bit like a Facebook page…

Note that it says you won’t believe what you’re about to see, which is actually a sort of a fair comment, because you really won’t believe it, but not for the reasons they are implying.

This, by the way, was Firefox. If you happen to view it in an older version of Internet Explorer, you see a slightly different screen …

Instead of an enticing and inviting play button, you see some Facebook Like and Send buttons. This is what’s known as ClickJacking, or LikeJacking. In the vulnerable browser, these buttons are sitting over the top of the Play button, but are invisible. The unwary victim tries to click Play, but instead actually clicks Like without knowing it, and all the victim’s friends on Facebook, including perhaps mom and dad, or a spouse, get to see that the victim liked this picture…

which might be slightly embarrassing.
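The overlay layout described above can be checked for mechanically. The following is an added example, not code from the original post: it takes layout records (the field names are assumptions, standing in for values a browser would report through getBoundingClientRect() and getComputedStyle()) and reports invisible cross-origin frames stacked over a visible click target.

```javascript
// Added example: flag invisible cross-origin frames that cover a visible click target.
// Record fields (tag, crossOrigin, opacity, zIndex, rect, ...) are hypothetical names.
// Simplifying assumption: all elements share one stacking context, so zIndex compares directly.
const OPACITY_THRESHOLD = 0.1; // assumption: below this a frame is effectively invisible

function overlapArea(a, b) {
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}

function isHiddenButClickable(el) {
  // Frames that are not rendered or ignore pointer input cannot capture a click.
  if (el.visibility === "hidden" || el.display === "none") return false;
  if (el.pointerEvents === "none") return false;
  return el.opacity < OPACITY_THRESHOLD;
}

function findHiddenOverlays(elements) {
  const frames = elements.filter(
    (e) => e.tag === "iframe" && e.crossOrigin && isHiddenButClickable(e));
  const lures = elements.filter((e) => e.clickable && e.opacity >= OPACITY_THRESHOLD);
  const findings = [];
  for (const f of frames) {
    for (const l of lures) {
      const covered = overlapArea(f.rect, l.rect) / (l.rect.w * l.rect.h);
      if (f.zIndex > l.zIndex && covered > 0) {
        findings.push({ frame: f.src, lure: l.id, covered: Number(covered.toFixed(2)) });
      }
    }
  }
  return findings;
}

// Constructed sample page: a visible Play image, an invisible widget frame on top of it,
// an invisible frame that ignores clicks, and an ordinary visible frame elsewhere.
const samplePage = [
  { tag: "img", id: "play-button", clickable: true, opacity: 1, zIndex: 1,
    rect: { x: 100, y: 100, w: 200, h: 100 } },
  { tag: "iframe", src: "https://social.example/like", crossOrigin: true, opacity: 0,
    zIndex: 10, rect: { x: 150, y: 120, w: 100, h: 40 } },
  { tag: "iframe", src: "https://stats.example/pixel", crossOrigin: true, opacity: 0,
    pointerEvents: "none", zIndex: 10, rect: { x: 100, y: 100, w: 200, h: 100 } },
  { tag: "iframe", src: "https://social.example/comments", crossOrigin: true, opacity: 1,
    zIndex: 0, rect: { x: 100, y: 300, w: 300, h: 200 } },
];
console.log(findHiddenOverlays(samplePage));
```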

The Facebook posting has happened in the background, with no warning to the victim, but meanwhile, back at the ranch… uh… website… the usual m.o. is to start asking you to fill out surveys “to prove you are a human”. Personally, I think it’s to prove you are gullible. Finally, some ten or fifteen surveys later, they ask for your cellphone number “as a final step”. If you read the small print on this page, they tell you that they intend to charge your cell phone $9.95 a month until you wake up.

This one has an extra, and slightly different twist, however, and tries to get you to install a Downloader, by telling you that you need to update your YouTube Player.

The moral of the story is that if ever you are invited to look at a video that “is the most amazing” or “you just won’t believe”, just ignore it.

And, if ever you are asked to install an update so that you can view a video, or a special player, just ignore it. It’s much safer.

If you really think your Flash player might be out of date, go straight to adobe.com, and get it right from the horse’s mouth, so to speak.

It’s a tricky Internet, folks. Stay safe.

Terms: Anti-Malware
