Clickjacking Worm Spreading Fast via Facebook

Security experts have warned that a clickjacking worm is spreading fast through Facebook, tricking users into posting it in their status updates, although it does not appear to be malicious.

Mikko Hypponen, Chief Research Officer at F-Secure, states that the worm displays the message "try not to laugh xD http://www.fbhole.com/omg/allow.php?s=a&r=[random number]", as reported by SCMagazine on May 24, 2010. If the user clicks on the link, it takes him to another page that shows a bogus error message.

Through a clickjacking exploit, that page tricks the user into clicking an invisible button, which publishes the message as his status update on Facebook. The whole process relies on an invisible iframe that tracks the mouse, so that the user's click lands on an invisible publish button. The experts state that apart from posting the wall message, nothing happens.
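The attack depends on the target page agreeing to render inside a third-party frame. As an added example (not part of the original article), this check classifies a response's anti-framing headers so a site owner can audit pages that carry state-changing buttons; the function names and sample headers are constructed for illustration.

```javascript
// Added example: classify how far a response's headers let other sites frame it.
const RANK = ['blocked', 'same-origin', 'allowlist', 'framable']; // strict -> lax

// Classify one frame-ancestors source list (already lower-cased).
function classifyFrameAncestors(sources) {
  // An empty list and 'none' both forbid every embedder.
  if (sources.every(s => s === "'none'")) return 'blocked';
  const effective = sources.filter(s => s !== "'none'"); // 'none' matches nothing when mixed
  // "*" or a bare scheme such as "https:" admits arbitrary third-party origins.
  if (effective.some(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'framable';
  if (effective.every(s => s === "'self'")) return 'same-origin';
  return 'allowlist';
}

function framingVerdict(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const verdicts = [];
  // A merged header can carry several comma-separated policies; all are enforced.
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (name === 'frame-ancestors') {
        verdicts.push(classifyFrameAncestors(sources));
        break; // only the first frame-ancestors in a policy counts
      }
    }
  }
  // An enforced frame-ancestors makes browsers ignore X-Frame-Options.
  if (verdicts.length) return RANK[Math.min(...verdicts.map(v => RANK.indexOf(v)))];
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'framable'; // missing, invalid, or obsolete ALLOW-FROM
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  'no headers': {},
  'xfo deny': { 'X-Frame-Options': 'DENY' },
  'csp self': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  'csp overrides xfo': { 'Content-Security-Policy': 'frame-ancestors https:', 'X-Frame-Options': 'DENY' },
  'report-only': { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};
for (const [label, headers] of Object.entries(SAMPLES)) console.log(label, '->', framingVerdict(headers));
```

A verdict of `framable` or an over-broad `allowlist` on a page with a publish or confirm action is the condition to fix; a report-only policy does not block framing.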

Hypponen further states that the worm is spreading across computers like wildfire. The domain referenced in the link is fbhole.com, from where the attack originated. At present the website is offline, which indicates that the attack has ended. According to reports, the domain was registered on May 20, 2010, and it pointed to an IP address in the Czech Republic. The domain was shared by another Czech site known as ironbrain.net.

Mikko Hypponen adds that he succeeded in dialing the number given on the fbhole.com site, and that within fifteen seconds of sharing the information the website was taken offline, as reported by Sophos on May 21, 2010.

Graham Cluley, Senior Security Researcher at Sophos, states that the exploitation of clickjacking by cyber criminals has been seen in attacks against social networking websites. For instance, the "Don't click" attack was discovered on Twitter in early 2009, as reported by Sophos on May 21, 2010.

Graham Cluley adds that the good news is that, unlike the "Don't click" Twitter attack, the recent attack against Facebook was driven more by mischief than by money.

Citing the latest attack as an example, the security researchers noted that one of the important findings of the Sophos 2010 Threat Report was quite astonishing: a rise of 70% in malware attacks through social networking websites. Facebook was named the most risky social networking website by the participants of the survey.


» SPAMfighter News - 6/1/2010
