Facebook virus alert – Clickjacking

Facebook is cleaning up after a clickjacking attack that infiltrated the social networking site this week — and security experts say this won’t be the last such attack.

Clickjacking, in which an attacker slips a malicious link or malware onto a legitimate Web page that appears to contain normal content, is an emerging threat experts have been warning about. The attack on Facebook was in the form of a comment on a user’s account with a photo that lured the victim to click on it. The embedded link took the victim to a Web page that presented like a CAPTCHA or Turing test, and asked the user to click on a blue "Share" button on the Facebook page.

Once the button is clicked, the victim is redirected to a YouTube video, and then the same post shows up on the victim’s account and thus tries to infect his or her friends. Security experts say the attack appeared to be more of a prank or trial balloon, and it affects only Firefox and Chrome browsers, according to security expert Krzysztof Kotowicz, who blogged about the attack this week.

Facebook has now blocked the URL to the malicious site, [fb.59.to]. "This problem isn’t specific to Facebook, but we’re always working to improve our systems and are building additional protections against this type of behavior. We’ve blocked the URL associated with this site, and we’re cleaning up the relatively few cases where it was posted — something email providers, for example, can’t do," a Facebook spokesperson says.

Read more on DarkReading.com


4 thoughts on “Facebook virus alert – Clickjacking”

  1. Pingback: uberVU - social comments

  2. I can’t login into my account.

    in my last access to facebook i received a strange online message from a friend, telling me about a video in which i’m in with a link. for surety, i clicked the link but it led to another facebook page asking for my password to verify my authenticity in order to display that video. but no video appeared.. it asked for a plugin installation that i didn’t do.
    after that i checked with that friend of mine, he said that, he’s not online and perhaps it has been a virus. I logged out.

    the next day when i’m trying to login it suggested that i must reset my password. that i did. and a verification mail came from:
    i entered the verification number and reset my password. a reset confirmation has also come from the same mail id.

    still whenever i’m trying to login after that, it is asking for a security check. but the word or audio captcha is not loading even after 20/30 mins. why is it showing a designless html page? and why the hell am i being sent to :
    this page??
