New Clickjacking Scam Unveiled On Facebook
Security firm Sophos found that cybercriminals had launched a new kind of clickjacking worm on Facebook, as reported by The Register on August 18, 2010.
The new attack relies on tricking users into triggering Facebook's "Share" feature without their realising that anything is being shared. A similar clickjacking attack in May 2010 instead relied on tricking users into unintended use of the social network's "Like" feature.
This latest worm spreads by luring users to a Facebook fan page such as "Top 10 Funny T-shirt Fails ROFL." Once the page loads, users are asked to confirm that they are human by clicking through a sequence of three steps. Clicking through that sequence in fact causes a malicious script from an external domain to be loaded, which covertly shares the link to the page on their own profile.
According to Sophos, the second step asks users to click a "Next" button. This is where the scam actually happens: the visible "Next" button is a decoy with no function of its own, and a working "Share" button is hidden underneath it. That is the defining trick of clickjacking: the user sees and aims at one control, but the click is delivered to another.
So although users believe they are merely clicking "Next" to finish the sequence, they are actually posting the page to their own profile through the Share function.
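The two halves of the technique described above, as an added example that is not part of the article or of Sophos' analysis: the generic overlay layout an attacker uses (a transparent frame of the target page positioned over a visible decoy control) and, more usefully, a check of the defence that the framed site must provide. The target URL, origins and response headers below are constructed for illustration; the header semantics (a `frame-ancestors` directive in Content-Security-Policy takes precedence over X-Frame-Options, and a page sending neither can be framed by anyone, as was the norm in 2010) follow the browser specifications.

```javascript
'use strict';

// Generic UI-redress layout: a visible decoy control with the real target
// framed invisibly on top of it, so the click lands on the framed button.
// Constructed illustration of the technique, not the scam page itself.
function decoyOverlay(targetUrl, decoyLabel) {
  return `<!doctype html>
<style>
  #decoy  { position:absolute; top:200px; left:200px; }
  #target { position:absolute; top:0; left:0; width:100%; height:100%;
            opacity:0; z-index:2; border:0; }   /* invisible, but on top */
</style>
<button id="decoy">${decoyLabel}</button>
<iframe id="target" src="${targetUrl}"></iframe>`;
}

// Decide whether a page served with `headers` can be framed by a document at
// `framerOrigin`. If a CSP frame-ancestors directive is present it is
// authoritative and X-Frame-Options is ignored; otherwise DENY/SAMEORIGIN is
// honoured; with neither header, any site can frame the page.
function canBeFramed(headers, pageOrigin, framerOrigin) {
  const h = lowerCaseKeys(headers);
  const ancestors = h['content-security-policy']
    ? frameAncestors(h['content-security-policy']) : null;
  if (ancestors !== null) {
    return ancestors.some(src => sourceMatches(src, pageOrigin, framerOrigin));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return sameOrigin(pageOrigin, framerOrigin);
  // ALLOW-FROM was never widely supported and, like any unrecognised value,
  // is ignored by modern browsers: the header then gives no protection.
  return true;
}

function lowerCaseKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// Source list of the frame-ancestors directive, or null if it is absent.
// An empty source list is equivalent to 'none'.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map(t => t.toLowerCase());
    }
  }
  return null;
}

function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Match one frame-ancestors source expression against the framer's origin:
// 'none', 'self', '*', a scheme ("https:") or [scheme://]host[:port] where
// the host may carry a leading "*." wildcard.
function sourceMatches(src, pageOrigin, framerOrigin) {
  const framer = new URL(framerOrigin);
  if (src === "'none'") return false;
  if (src === "'self'") return sameOrigin(pageOrigin, framerOrigin);
  if (src === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return framer.protocol === src;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:/]+)(?::(\d+|\*))?$/.exec(src);
  if (!m) return false;
  const [, scheme, host, port] = m;
  if (scheme && framer.protocol !== scheme + ':') return false;
  if (host.startsWith('*.')) {
    if (!framer.hostname.endsWith(host.slice(1))) return false;
  } else if (framer.hostname !== host) {
    return false;
  }
  if (port && port !== '*') {
    const framerPort = framer.port || (framer.protocol === 'https:' ? '443' : '80');
    if (framerPort !== port) return false;
  }
  return true;
}
```

The check is the one a practitioner runs against any page that performs an action on a single click: fetch its response headers and confirm `canBeFramed(headers, pageOrigin, attackerOrigin)` is false for an arbitrary foreign origin. Note that `SAMEORIGIN` still lets a page on the same origin be framed, and that a wildcard such as `https://*.example.com` does not match the bare apex `https://example.com`.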
The scam does not stop there. The full plan is to bring the user to the third and final step, where they are asked to fill in a survey that generates revenue for the cybercriminals. The survey asks victims to provide personal details in order to win a computer or other prizes, or to enter a contest. Sophos found that, among other details, the survey asks users for their cell phone number.
Users unaware of such scams will not notice the fine print, which states quite clearly that by doing so they are signing up for an auto-renewing subscription that charges them $5 per week through their cell phone operator.
Facebook responded promptly by deleting the fan pages linked to the scam, and Sophos has blocked the domain hosting the malicious code.
» SPAMfighter News - 26-08-2010