A new clickjacking worm is spreading through Facebook via the ‘Like’ feature. The attack, which is said to have hit hundreds of thousands of users, uses a combination of social engineering and a clickjacking exploit to make it appear as if a user has “liked” a link.
The messages that are being used in the link text include, “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE,” “This man takes a picture of himself EVERYDAY for 8 YEARS!!,” “The Prom Dress That Got This Girl Suspended From School” and “This Girl Has An Interesting Way Of Eating A Banana, Check It Out!”
When a user clicks on the text that appears to be “liked,” he is taken to a blank page that just has the text, “Click here to continue.” Clicking anywhere on that page will then publish the same message to that user's Facebook page.