Porn plus Facebook can lead to embarrassment, perhaps worse

Facebook and its infrastructure didn't seem to be at fault

The mechanism behind a click-jacking attack that was spread by luring in Facebook users with a link to a porn site that has the potential to do more damage than just embarrassing those who fall for it.

When users clicked on a link posted to a friend's Facebook wall, their Firefox browsers were tricked into updating the victims' own Facebook settings so the same link is posted on their wall, a Facebook spokesman says.

12 tips for safe social networking

Facebook has responded by blocking the URL associated with the porn site and is taking down the links on affected users' walls. "Overall, an extremely small percentage of users were affected," a Facebook spokesman said via e-mail. "As always, we’re asking people not to click on suspicious links, even if they've been sent or posted by friends." (see the Facebook security page.)

Duped users wind up with the photo on their wall of a woman wearing a thong. If they click on the photo, they are directed to a site where, if they click on a button marked "click this button," the Facebook worm does its work, says Roger Thompson, the chief security researcher at security software vendor AVG, who blogged about the problem and posted a demonstration of how it worked .

The exploit didn't work with Internet Explorer, Thompson says.

Embarrassment and possible chastisement seemed to be the downside of falling victim. "[The photo link] advertises to all your friends that you went there, so it could get you in trouble with your spouse, family member or your employer if you're doing it at work," Thompson says.

But the mechanism could just as easily be used to steal passwords cached in browsers or inject other worms into them, he says. "It seems an awfully good hack just to direct people to an adult Web site for very small gain," he says. "How do they profit from that?"

Facebook and its infrastructure didn't seem to be at fault, Thompson says. They were interacting with what seemed to be a legitimate user who has logged in properly.

The Facebook spokesman says the site is hit by phishing and malware attacks daily and has automated systems that detect and flag Facebook accounts that are likely to be compromised. "We also delete malicious links and block them from being shared, and we work with third parties to get phishing and malware sites added to browser blacklists or taken down completely," he says.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Facebooksocial networkingclickjacking

More about AVG Technologies AUFacebook

Show Comments
[]