Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 31st, 2010

Clickjacking Worm Hits Facebook, Hundreds Of Thousands Affected

A clickjacking worm that forced hundreds of thousands of unsuspecting Facebook users to unknowingly post spam messages on their profiles, rapidly spread through the social networking website over the weekend. The worm used catchy news headlines to lure its victims into the trap.

Clickjacking is a Web attack technique that involves hijacking users’ mouse clicks on a page (hence its name) and using them to trigger unauthorized actions. The attack is technically known as user interface (UI) redressing because it hides a clickable object, such as a button, by making it transparent and superimposing it over a non-dangerous looking one.

Though not new, the technique was only brought into the public attention last year, when reputed Web security researchers Jeremiah Grossman and Robert Hansen disclosed some critical attacks based on it. One of them allowed ill-intent hackers to turn on a computer’s Web camera and microphone by exploiting a bug in the Flash Player Settings Manager.

The latest Facebook worm seems to be a proof of concept, because it does nothing destructive and its only purpose is to propagate. The offending messages posted on its victims’ profiles are based on real and catchy news topics from the past several months. “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE”, “This man takes a picture of himself EVERYDAY for 8 YEARS!!”, “The Prom Dress That Got This Girl Suspended From School”, or “This Girl Has An Interesting Way Of Eating A Banana, Check It Out!” are some of the examples.

Clicking on the messages takes users to external pages hosted at, which only display a text that reads “Click here to continue.” However, clicking anywhere on the page abuses a user’s active Facebook session to publishing a spam message back to his profile.

“The trick, which uses a clickjacking exploit, means that visiting users are tricked into ‘liking’ a page without necessarily realising they are recommending it to all of their Facebook friends. […] If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links. Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your ‘Likes and interests’ section,” advises Graham Cluley, senior technology consultant at Sophos, who’s antivirus products detect this threat as Troj/Iframe-ET.

To protect themselves, Mozilla Firefox users can install and use NoScript, a browser extension, which includes protection against clickjacking attacks, amongst others.

Credit: News

Share this item with others:

More on CyberInsecure:
  • Facebook Mobile API XSS Vulnerability Used To Launch Spam Worm
  • Facebook Hit With A New Clickjacking Worm
  • Facebook Users Can Be Forced Into Liking Arbitrary Pages Through Clickjacking
  • New Storm Worm Spam Campaign Mentions FBI And Facebook
  • Hundreds Of Thousands Of Consumers Exposed To Fraud

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Clickjacking Worm Hits Facebook, Hundreds Of Thousands Affected

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.