What is Clickjacking? The newest Facebook threat tricks users into “liking” a page within Facebook, then suggests that page to your friends. The “liked” page may contain malicious links to non-secure sites outside of Facebook. It also damages the security of your reputation by posting to your profile that you “liked” this page, when in reality you never did. The victims of last weekend’s clickjacking worm number in the hundreds of thousands. How did the worm manage to spread so quickly? Unfortunately, social networks are the perfect medium for such viral content.
The four “liked” links of which users need to be aware are:
"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
"This man takes a picture of himself EVERYDAY for 8 YEARS!!"
"The Prom Dress That Got This Girl Suspended From School."
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"
Intriguing, right? These are exactly the sorts of messages that would spread quickly, because we are constantly emailed or IM’d similar text or photos from friends—and they usually are funny and harmless. Cybercriminals, though, can and do prey on the lax standards we keep for links from friends. If you fell victim to the clickjacking worm, then an alert would appear on your profile that you “liked” the page. Any friend viewing your profile would think that because you “liked” it, and because they trust you, that the link must then be safe. They click, the scheme is perpetuated, and in this instance, so is a trojan.
If you’ve been clickjacked, immediately take the following steps:
- Delete all mentions of the page from your Facebook profile (in both your “Likes and Interests,” and on your profile page).
- If you post a message warning your friends that you’ve been infected, DO NOT link to the offending page.
- Run a virus scan on your computer to detect, block, and remove threats with complete antivirus and antispyware software.
- If you don’t have security software on your computer, get some! PC Tools Internet Security features ThreatFire™ Behavioral Intelligence and multi-layered browsing protection that will warn you of potentially malicious links before you click them.
Stay safe, and follow twitter.com/PCTools for the latest threat links, updates, and news!