SECURITY TO THE CORE

Facebook Clickjacking Attacks: Avoid Them !!


I am sure many of you have the burning desire to click on a post on a friend’s Facebook wall that says “Pictures of hot girls in bikinis I took” or “Hot MMS I made”. Don’t be too hasty to click on those links, because they may be a clickjacking attack.

Over the past couple of years, I have witnessed first-hand how millions of Facebook users have been duped into clicking bogus or malicious links that redirect their web browsers to a phishing site or to other malicious sites in an effort to compromise their accounts as well as their systems. I have also seen clickjacking scams spread malware (malicious software). Hackers keep devising new and clever ways to fool or entice computer users into relinquishing their personal information, which can range from their home address to their credit card number or even their social security number. Facebook users can avoid all of this if they know how to recognize and avoid these clickjacking attacks.

What is Clickjacking?

“Clickjacking”, also known as “likejacking”, is a malicious technique, a sneaky process of tricking a web user into revealing personal or confidential information simply by clicking on seemingly innocuous (apparently harmless) web pages. Clickjacking is relatively new: it has only been known to be used for malicious purposes by hackers and malware authors over the past couple of years. Most of the time, a clickjacking link on Facebook is tied to recent popular news, an eye-catching phrase, or some other enticing subject.

How to recognize a Clickjacking link on Facebook?

On Facebook, clickjacking attacks are designed to arouse the curiosity of a user. To spot a clickjacking link, be on the lookout for a short link, phrase or sentence. These short phrases, links or sentences are often provocative so that they easily grab your attention. Identifying such phrases can be a little difficult because of the nature of Facebook status updates. One difference between a normal Facebook status update and a clickjacking phrase is that the clickjacking update is likely to be catchy. Would you rather see images of your mom knitting a sweater or pictures of your girlfriend getting drunk at soccer? Beware!! Don’t answer that.

Recently I have seen some clickjacking phrases that use improper grammar and spellings that are completely wrong. You usually know what type of links your friends on Facebook generally post. If all of a sudden they start posting out of character, chances are that it is a malicious link from a malware infection or a clickjacking attack. Clickjacking links usually have some sort of unfamiliar characters in the URL, which may be posted at the end of the phrase. Be on the watch for web links that look like hxxp://suka-bitch.co.cc/46/0aa3b64d4eb2f776158847eb9127ea36.php/xml (Do Not Open) or hxxp://kinosex-video.ru/files/xxx_video_291.avi (Do Not Open). These links may include PHP code that runs malicious payloads, leading you to malware.
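As an added illustration that is not part of the original post, here is a small Python checker that applies the link heuristics just described (a throwaway host, a long hex blob in the path, a script or media file extension, odd characters) to a posted URL; the suffix and extension lists, the threshold and the sample links are constructed assumptions, not a real reputation feed.

```python
import re
from urllib.parse import urlparse

# Assumptions for illustration (not a real reputation feed): free-subdomain / throwaway
# hosting suffixes, and file extensions a "photo" link has no business ending in.
THROWAWAY_SUFFIXES = (".co.cc", ".cz.cc", ".tk")
RISKY_EXTENSIONS = (".php", ".avi", ".exe", ".scr")
HEX_BLOB = re.compile(r"[0-9a-f]{24,}", re.I)          # md5/sha-looking path segment
BARE_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def refang(url: str) -> str:
    """Turn a defanged 'hxxp://' link (as the post writes them) back into a parseable URL."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)


def link_signals(url: str) -> list:
    """Return the names of the post's heuristics that fire on this link, in a fixed order."""
    parsed = urlparse(refang(url.strip()))
    host = (parsed.hostname or "").lower()
    segments = [s for s in parsed.path.split("/") if s]
    signals = []
    if host.endswith(THROWAWAY_SUFFIXES):
        signals.append("throwaway-host")
    if BARE_IPV4.fullmatch(host):
        signals.append("bare-ip-host")
    # "unfamiliar characters": a long hex blob as a path segment, e.g. .../0aa3b6...ea36.php
    if any(HEX_BLOB.fullmatch(s.split(".")[0]) for s in segments):
        signals.append("hex-blob-path")
    if any(s.lower().endswith(RISKY_EXTENSIONS) for s in segments):
        signals.append("script-or-media-file")
    # anything outside printable ASCII (spaces, control or Unicode look-alike characters)
    if re.search(r"[^\x21-\x7e]", url.strip()):
        signals.append("non-ascii-chars")
    return signals


def is_suspicious(url: str, threshold: int = 2) -> bool:
    """Flag a link when at least `threshold` heuristics fire (the threshold is an assumption)."""
    return len(link_signals(url)) >= threshold


if __name__ == "__main__":
    # Constructed sample links shaped like the ones quoted in the post, not real sites.
    for sample in ("hxxp://pics-host.co.cc/46/3f9a0c1e5b7d2f8e4a6c9b1d0e2f4a6c.php/xml",
                   "https://www.example.com/news/knitting-patterns"):
        print(sample, "->", link_signals(sample), "suspicious" if is_suspicious(sample) else "ok")
```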

How to avoid Clickjacking attacks?

Many of the clickjacking links on Facebook, once clicked, take the user to a third-party website that displays a pop-up or a message such as “Click here to continue if you are 18 years of age or above”. This bogus ‘Security Check’ is in reality a method for posting the clickjacking attack link to your own Facebook profile, not a “confirmation that you are 18 years old”.

A bogus "Security Check"

Sometimes the initial ‘Security Check’ dialog is followed by another one where you need to verify that you’re human, supposedly to keep out spam bots, just like a legitimate CAPTCHA check on any other website. By clicking the ‘Submit’ button you may think you have proved you’re human, but in reality you have posted the clickjacking attack on your Facebook profile.

A Bogus "Security Check" (CAPTCHA)

“Attacks like this spread very, very fast.”

Always keep in mind that clickjacking links will normally come from your Facebook friends, because at some point they fell victim to the attack and it was posted on their profile. Whenever you have a doubt about a particular link on a friend’s Facebook profile, do not click on it at any cost. Facebook’s privacy and security settings will not keep users safe from “likejacking” attacks, so you should know which URLs or applications you are clicking on before you click the ‘Like’ button. Remember, “It’s better to be safe than sorry”.


14 responses

  1. Pingback: Who polices the bogus websites? | ClickBank

  2. These sorts of attacks really suck, but IMO they’re easy to spot. If you’re clicking on anything with that title which was posted on Facebook, you’re either an idiot or a pederast. You deserve to be shot if you start sharing that sort of crap anyway.
    These types of stuff have been around for a while. Nothing new. Just delete the status post if it happens….

    October 12, 2010 at 19:51

  3. Robert

    I saw this just last week. It’s really easy to detect: just look at the status bar when you are about to click anything on the web page.

    October 12, 2010 at 20:09

  4. Sarah Jones

    Hi Avinash,
    Thank you so much for your help. I have been deleting a lot of things that come in now or that I’m not sure about. I really really appreciate your help so much.

    October 12, 2010 at 20:17

  5. RickySmart

    Recently I’ve been clickjacked by mbosoft.com and a Coca-Cola scam. After that I was unable to delete it from my profile under interests and activities.
    But after some help from Facebook executives I was able to remove it completely..

    October 12, 2010 at 20:23

  6. Merrily

    These clickjackings are really easy to spot. Unfortunately, people are always careless and they keep on clicking on everything they see on their friends’ walls. Look at the link….THEN click, and bingo, you get infected …

    October 12, 2010 at 20:27

  7. Ronnie

    In the past this caused me great inconvenience, having to explain to all my Facebook and even Twitter friends that I’m not spamming them.
    Facebook is just too wide open, with all the intrusive advertising one gets on their pages.. IMO these advertisements should be BANNED from Facebook.

    By the way, I must say that you have made a nice effort, “Avinash”… Keep updating your blog at regular intervals.

    October 12, 2010 at 20:31

  8. Matt Williams

    Yet another great reason to Quit Facebook now.. lol

    October 12, 2010 at 20:35

  9. Dragon Man

    This kind of stuff is all over the internet. As Avinash said, if people are sharing stuff that seems outside of their character, or the website just seems much too random, then you’d better stay away from it. I’ve done that for years and have yet to get screwed by one of these things.

    October 12, 2010 at 21:30

  10. Adam

    For Mozilla Firefox users, this is very easy to avoid.
    Download the add-on “NoScript” for Firefox and bingo, you will not be harmed by any attempt at clickjacking…

    Better to use Firefox with NoScript rather than Internet Explorer, which is full of security holes.

    October 12, 2010 at 21:36

  11. Pingback: Combat The Top 5 Hidden Computer Security Threats !! « Tєchno Nxt

  12. Pingback: Reported Attack Page: A latest malicious trick from Security Tool (Rogue Anti-Virus) « Tєchno Nxt

  13. Tyrell

    Awesome web site you have by the way..

    December 16, 2010 at 17:09

  14. Fessel

    Pretty good article. I just stumbled upon your site and wanted to say that I have really enjoyed reading your blog posts. Anyway, I’ll be subscribing to your feed and I hope you post again soon.

    December 20, 2010 at 04:21
