
Clickjacking Worm Exploits Facebook "Like" Feature

StoneLion posted more than 4 years ago | from the it's-no-robert-morris dept.

Security 124

An anonymous reader writes "For the last 24 hours, a series of attacks have exploited Facebook's 'Like' feature through a clickjacking vulnerability. Using subjects such as 'This Girl Has An Interesting Way Of Eating A Banana, Check It Out!' hackers have spread an attack that links to web pages that use invisible iFrames to trick users into saying they like the content. Users are presented with an innocent-seeming web page that says 'Click here to continue,' but clicking at any point on the page publishes the same message to their own Facebook page. Security blogger Graham Cluley says that hundreds of thousands of Facebook users have been hit, and offers advice on how to clean up affected Facebook profiles."


124 comments


StoneLion (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32407318)

It looks like StoneLion has a slight Facebook obsession.

Re:StoneLion (3, Interesting)

tomhudson (43916) | more than 4 years ago | (#32407724)

If you click on his name, it shows he's one of those social media guys. "Slight" would be an understatement, and understandably - it's his job.

Plus, Facebook is in the news for its privacy screw-ups. They have less than 3 months left in their deal with the Canadian government to bring their site into compliance with Canadian law (which is what got the whole "Facebook has a privacy problem" thing going 9 months ago, and got other governments to then launch similar probes).

Link? (5, Funny)

Ecuador (740021) | more than 4 years ago | (#32407338)

I hate posts without proper links...
So, who will post the direct link to the girl with an interesting way of eating a banana?

Re:Link? (3, Informative)

DeadPixels (1391907) | more than 4 years ago | (#32407748)

Warning: This is a clickjacking attempt, obviously, so copy/paste the URL only if you want to see it for yourself. NoScript blocks it for me.

http://www.mprosperstats.info/bananalike/index.htm?ref=search&sid=dpf-GrMT3GTEEuQTlotyMg.3788977952..1

Re:Link? (1)

hduff (570443) | more than 4 years ago | (#32408136)

So is there a safe link to the banana-eating girl pic? Just asking as a public service since it seems a lot of people want to see it.

Re:Link? (2, Informative)

Anonymous Coward | more than 4 years ago | (#32409240)

Probably NSFW depending how up tight your boss is:
http://www.youtube.com/watch?v=It7cHFyms0Q [youtube.com]

Re:Link? (0)

Anonymous Coward | more than 4 years ago | (#32409480)

So is there a safe link to the banana-eating girl pic? Just asking as a public service since it seems a lot of people want to see it.

I have no idea what the clickjacked link was supposed to be for, but this thread reminds me of this (barely-safe-for-work) Motivational poster [moronail.net] featuring... well, if not the girl, then at least it features a girl with a banana.

Re:Link? (1)

Dumnezeu (1673634) | more than 4 years ago | (#32409348)

404

Re:Link? (0)

Anonymous Coward | more than 4 years ago | (#32409952)

Actually I think the new term is "bananajacking".

Re:Link? (2, Interesting)

alvinrod (889928) | more than 4 years ago | (#32408124)

You fool, there is no girl eating a banana. It was all a ruse, a nasty trick designed to play on your insatiable curiosity for the bizarre!

I know because I tried clicking on it :(

Reminds me of this bash.org quote. [bash.org]

Re:Link? (2, Informative)

Dogtanian (588974) | more than 4 years ago | (#32408748)

Reminds me of this bash.org quote.

That's a great quote, so I kind of feel like a bastard for spoiling it, but... P2P programs generally recognise identical files by their hash value; so if the guy simply renamed some files that were already out there under their original name, they'd have used his copy for certain parts, even if people didn't search under it for that name.

Re:Link? (3, Funny)

Low Ranked Craig (1327799) | more than 4 years ago | (#32408246)

The banana is a lie!

Re:Link? (1)

DarkOx (621550) | more than 4 years ago | (#32408710)

No the banana is real I assure you; the girl is the lie.

Re:Link? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32408336)

So, who will post the direct link to the girl with an interesting way of eating a banana?

I will. Here it is. [glumbert.com]

That video's got to be at least 3 years old, and I'm still impressed.

Re:Link? (0)

Anonymous Coward | more than 4 years ago | (#32408614)

Call me naive, but I'm just floored that an apparently average person could pull that off. Also ... the reaction of the boyfriend is hilarious. The way the expression on his face slowly changes cracks me up!

He'll be sad when he thinks long and hard about it (0)

Anonymous Coward | more than 4 years ago | (#32409850)

I wonder what she told him in order for him to become her sympathy-boyfriend. One does not blow bananas as a talent, it's a business...

8===D O: == Muhammad (-1, Troll)

Sir_Lewk (967686) | more than 4 years ago | (#32407364)

Someone should use this to spread the word that Muhammad loved big dicks (with helpful illustrations of course). Worst that could happen is Facebook would be compelled to fix the exploit.

Re:8===D O: == Muhammad (-1, Troll)

Sir_Lewk (967686) | more than 4 years ago | (#32407630)

Sorry guys, modding me "Troll" isn't going to work this time. The only way to make me stop preaching the truth about Muhammad and his love affair with giant uncut dicks is to remove my head from my neck by force. Come do it, or you are just an "all talk" swine.

Re:8===D O: == Muhammad (4, Informative)

DeadPixels (1391907) | more than 4 years ago | (#32407782)

The real problem isn't so much an exploit as that Facebook's platform for cross-site publishing is basically broken. They allow any site to act as the user with no confirmation other than a click, which as we've seen is easy to get via an invisible iFrame that follows the mouse. Aside from revamping the way they handle "Likes" and other such things on other sites, there's not much they can do to "fix" it.

Re:8===D O: == Muhammad (3, Insightful)

RobVB (1566105) | more than 4 years ago | (#32408100)

There's something everyone can do to fix it for themselves, though: log off when you're done using Facebook. Of course, that makes it harder to tell your little friends about how you "heart" (sorry, Like) various things.

Re:8===D O: == Muhammad (2, Insightful)

hduff (570443) | more than 4 years ago | (#32408168)

Much simpler to abandon security-plagued Facebook, the Windows 98 of social networking sites (myspace would be the Windows 95 equivalent).

Re:8===D O: == Muhammad (1)

buchner.johannes (1139593) | more than 3 years ago | (#32412152)

and replace it with ... ?

I was afraid to click the link... (3, Funny)

Robin47 (1379745) | more than 4 years ago | (#32407396)

after that article.

Re:I was afraid to click the link... (3, Informative)

Flea of Pain (1577213) | more than 4 years ago | (#32407622)

Flea of Pain like this.

Re:I was afraid to click the link... (1)

MokuMokuRyoushi (1701196) | more than 4 years ago | (#32408608)

Considering your (Informative) mod, you're obviously an important enough person to pay my respects. Wilt Thou accept my humble worship?

caterpillar (3, Insightful)

kervin (64171) | more than 4 years ago | (#32407412)

Why does the Slashdot section on worms have a picture of a crawling caterpillar?

Re:caterpillar (0)

Anonymous Coward | more than 4 years ago | (#32407542)

In the US, a caterpillar crawling in that way is called an inchworm.

Re:caterpillar (4, Funny)

WrongSizeGlass (838941) | more than 4 years ago | (#32407666)

Why does the Slashdot section on worms have a picture of a crawling caterpillar?

They do it just to bug people ;-)

SHUTUP! Not Funny. Caterpillars aren't a bug. (0)

Anonymous Coward | more than 4 years ago | (#32409430)

What qualifies as a bug is known as a Shield insect. A shield insect is somewhat a kind of beetle that has ornate markings on its wing cases, specifically has a sucking mouth-part, may emit a foul odor when bothered, and is as diverse as either specializing in carnivorous acts of stalking prey to even communing with fellow herbivores to suck dry a non-fibrous stem of a plant. Carnivorous varieties of Shield bugs are obviously cannibalistic, while the herbivorous variety commune together like a bunch of stinkin' hippy gypsies. Bugs that aren't a variety of Shield are also seasonally aquatic, such as: Toebiters, Waterboatmen, Backswimmers, and Whirlygigs. An insect that is buglike in that it has a sucking mouth organ but without a Shielding wingcase is the everyday Aphid.

Look for Shield bugs on Daisies, or maybe Carnations.

I typed this all by myself, to bug you moaarrrrr.

That's no bug! (0)

Anonymous Coward | more than 3 years ago | (#32411752)

But the hemipteran order [wikipedia.org] goes through incomplete metamorphosis, not complete metamorphosis. So they never have a larval stage that looks anything like that.

What's that whooshing noise?

Re:caterpillar (2, Informative)

maxume (22995) | more than 4 years ago | (#32407690)

If it helps, those are often called inchworms.

Re:caterpillar (1)

Tim C (15259) | more than 4 years ago | (#32408472)

In the US perhaps; I've never heard the term here in the UK - not that I talk about caterpillars very often of course...

Re:caterpillar (1)

SnowZero (92219) | more than 4 years ago | (#32409180)

According to wikipedia, they are the caterpillar form of the geometer moth [wikipedia.org] , which are commonly called loopers, spanworms, or inchworms. There are apparently 300 varieties in the UK and over 1200 in North America, so it seems to be pretty common both places.

Re:caterpillar (1)

sakdoctor (1087155) | more than 4 years ago | (#32409224)

The big hungry inchworm wouldn't have sold nearly so well.

Re:caterpillar (1)

nospam007 (722110) | more than 4 years ago | (#32409848)

In the US perhaps; I've never heard the term here in the UK.

You got metric, it's the common 2,54cm worm.

Re:caterpillar (1)

FooAtWFU (699187) | more than 4 years ago | (#32407702)

Why does the Slashdot section on worms have a picture of a crawling caterpillar?

Because it's cute and fuzzy, obviously. Also, I like pretty butterflies. ./~ <3

NoScript (4, Informative)

SlashDPC (931574) | more than 4 years ago | (#32407416)

Thank you NoScript for stopping this for me. I knew it looked "phishy."

Re:NoScript (4, Informative)

bwcbwc (601780) | more than 4 years ago | (#32407606)

Better yet, use NoScript's ABE facility to block any non-Facebook web page from loading a Facebook page or API. From http://noscript.net/abe/ [noscript.net] :

# This one allows Facebook scripts and objects to be included only
# from Facebook pages
Site .facebook.com .fbcdn.net
Accept from .facebook .fbcdn.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

Re:NoScript (4, Interesting)

Anonymous Coward | more than 4 years ago | (#32407682)

Here's the line from my unbound.conf that solves all Facebook related problems for me:
local-zone: "facebook.com." static
followed by no local-data lines.
I see "address not found" error messages on lots of web pages: Facebook iframes are freaking everywhere. No more.

Re:NoScript (1)

asdf7890 (1518587) | more than 4 years ago | (#32408046)

I've just tried this with the latest NoScript in an otherwise default configuration, and it seems to stop Facebook itself from operating (which depending on your opinion of such things, may or may not be a bad result!).

Re:NoScript (0)

Anonymous Coward | more than 4 years ago | (#32408962)

Looks like there's a typo in it. I think you need to add the ".com" behind facebook like so:

Site .facebook.com .fbcdn.net
Accept from .facebook.com .fbcdn.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

Re:NoScript (1)

asdf7890 (1518587) | more than 3 years ago | (#32411596)

Ah, thanks. I did a quick scan for typos but somehow completely missed that one. Your edited version does the trick, thanks.

Re:NoScript (1)

sdstuart (1125031) | more than 4 years ago | (#32410806)

The .com was left off in the "Accept from" list. Try this version with it added, it works for me.

# This one allows Facebook scripts and objects to be included only
# from Facebook pages
Site .facebook.com .fbcdn.net
Accept from .facebook.com .fbcdn.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

Re:NoScript (2, Informative)

smcn (87571) | more than 4 years ago | (#32409184)

A similar technique for Privoxy users can be found here: http://bmearns.net/wwk/view/Privoxy [bmearns.net]

By default it only stops cookies. At the bottom of the page it is explained how to block all Facebook access from third party sites.

Re:NoScript (1)

noncaptusest (1644871) | more than 4 years ago | (#32407730)

NoScript rocks. Been using it for a long time and will be for some time to come.

Re:NoScript (2, Interesting)

snl2587 (1177409) | more than 4 years ago | (#32408074)

Reason #1 why I refuse to switch to Chrome.

Re:NoScript (1)

0100010001010011 (652467) | more than 4 years ago | (#32408110)

About that...

Re:NoScript (0)

Anonymous Coward | more than 4 years ago | (#32408288)

Because Chrome has no built-in way to whitelist Javascript, or extensions that do the same.

Re:NoScript (1)

snl2587 (1177409) | more than 4 years ago | (#32409058)

Not in a way that isn't a complete pain in the ass for frequent surfing. Plus, it doesn't support deep control or even come close to preventing click-jacking on pages you allow.

Re:NoScript (0)

Anonymous Coward | more than 4 years ago | (#32409812)

Not in a way that isn't a complete pain in the ass for frequent surfing.

Wrong. [tinypic.com] Maybe you should use something before, y'know, offering advice.

Plus, it doesn't support deep control or even come close to preventing click-jacking on pages you allow.

Deep control is totally unnecessary and only slows down page rendering times a lot. Click-jacking is not a concern for (1) semi-intelligent geeks, and (2) Chrome or IE8 users on X-Frame-Options-secured pages (but as always, Facebook is delaying).

Re:NoScript (0)

Anonymous Coward | more than 4 years ago | (#32408404)

Thank you for adding the required by law "I USE NO SCRIPT TO I RULE!" smug post.

Advice (3, Insightful)

whisper_jeff (680366) | more than 4 years ago | (#32407444)

Graham Cluley ... offers advice on how to clean up affected Facebook profiles

Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

Just by doing that, internet/computer security would be vastly improved. Once all of our moms and computer-illiterate uncles learn that one little gem, we'll be a long ways towards solving most of the computer-related security issues. Of course there are steps after that to really nail down security but, until people stop clicking on stupid shit, we're fighting a losing battle.

Re:Advice (2, Funny)

gEvil (beta) (945888) | more than 4 years ago | (#32407466)

Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

I can't wait till a link from the Idle section turns out to be serving up malware...

Re:Advice (1)

TheRaven64 (641858) | more than 4 years ago | (#32407726)

Does anyone read idle? There was a thing telling me idle was a complete waste of time and not to go there on the front page, so I opened up the preferences thing and made sure it didn't appear on the front page for me. Made Slashdot a lot better...

Re:Advice (1)

mister_playboy (1474163) | more than 4 years ago | (#32407882)

In case you haven't noticed, the editors are fond of sneaking Idle articles into the other sections... samzenpus, especially.

Re:Advice (1)

corbettw (214229) | more than 4 years ago | (#32408176)

That would be redundant as Idle is, itself, malware.

Re:Advice (1)

QBasicer (781745) | more than 4 years ago | (#32407482)

Or rather become rather grumpy and not 'like' anything, or anybody.

Re:Advice (3, Insightful)

Anonymous Coward | more than 4 years ago | (#32407492)

The thing about clickjacking is you don't have to click on stupid shit. You could be clicking on something entirely legitimate, or so you think.

Re:Advice (0)

Krneki (1192201) | more than 4 years ago | (#32407506)

Curiosity kills the cat.

P.S: Do we have to remind people that this shit works only on M$ platform?

Re:Advice (3, Interesting)

Khyber (864651) | more than 4 years ago | (#32408122)

"P.S: Do we have to remind people that this shit works only on M$ platform?"

iFrame malware isn't *JUST* a Windows issue. Think harder next time.

Re:Advice (0)

Anonymous Coward | more than 4 years ago | (#32408156)

That would be counterproductive since it isn't remotely true.

Re:Advice (0)

Anonymous Coward | more than 4 years ago | (#32410756)

It got me, running chrome on linux.

Re:Advice (5, Insightful)

bfields (66644) | more than 4 years ago | (#32407562)

Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

Just by doing that, internet/computer security would be vastly improved.

Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

Once a single mouse click on an infected link is enough to propagate the link, it's already game over--the choice of bait is a detail.

Re:Advice (4, Insightful)

WrongSizeGlass (838941) | more than 4 years ago | (#32407684)

Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

You mean "This New Intel CPU Has A Great New Hologram! Check It Out!" won't work?

Re:Advice (5, Funny)

vlm (69642) | more than 4 years ago | (#32407804)

Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

OK I'm all confused now. Just answer the question, is "Why Apple Is So Sticky" safe to click on or not?

Re:Advice (1)

ObsessiveMathsFreak (773371) | more than 4 years ago | (#32409432)

It's Juicy.

Re:Advice (0)

Anonymous Coward | more than 4 years ago | (#32408160)

Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

It is, however, much, much harder to create intelligent shit than stupid shit. Which is not to say it's particularly hard to create mildly intelligent shit, it's just so damn easy to create stupid shit these days. Five seconds of randomly reading Facebook will show you what I mean.

Re:Advice (1)

Culture20 (968837) | more than 4 years ago | (#32408368)

Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

It is, however, much, much harder to create intelligent shit than stupid shit. Which is not to say it's particularly hard to create mildly intelligent shit, it's just so damn easy to create stupid shit these days. Five seconds of randomly reading Facebook will show you what I mean.

s/Facebook/\/./
FTFY

Re:Advice (1)

Vexorian (959249) | more than 4 years ago | (#32409156)

Are you aware of any IQ tests mine could take?

Re:Advice (1)

solaraddict (846558) | more than 4 years ago | (#32407604)

Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

Eh. From what I see, most people are on FB precisely because of it - people seem to like clicking on stupid shit.

Re:Advice (1)

fustakrakich (1673220) | more than 4 years ago | (#32407912)

Stop clicking on stupid shit.

Absolutely. Don't click here [facebook.com]

Re:Advice (4, Insightful)

Phroggy (441) | more than 4 years ago | (#32407926)

Sometimes, stupid things are funny. I don't live in a bubble, and if my friends think something stupid is funny or interesting, I want to see it, because I care about what my friends think and because I find value in sharing an experience and because it might actually be worth my time.

I don't have to use Facebook, but it's how a lot of my friends choose to communicate, and my social life is healthier because of it. Many of them aren't geographically close enough for me to see them in person often, and those that are don't always have a compatible schedule, so Facebook allows me to stay in contact with people I wouldn't otherwise be able to (indeed, I've reconnected with people on Facebook that I haven't seen in over a decade, who are on the other side of the globe).

I think it's reasonable to expect that when I click a link to a web page, nothing bad should happen to me. In fact, nothing did happen - I'm not sure if that's because Facebook has already blocked this, or my browser has built-in security measures in place to prevent it, or (more likely) the exploit failed due to some bug or incompatibility. I looked at the HTML, saw what it was trying to do, saw that it was malicious, and went no further. That's how I WANT things to work.

Re:Advice (1)

John Hasler (414242) | more than 4 years ago | (#32410126)

> I think it's reasonable to expect that when I click a link to a web page,
> nothing bad should happen to me.

Why not shorten that to "I think it's reasonable to expect that nothing bad should happen to me"?

Re:Advice (1)

antdude (79039) | more than 4 years ago | (#32410894)

Can't you use e-mails, IMs, IRC, etc. instead? I was on Facebook, but was kicked off for using fake data. I did NOT want Facebook to have my real data.

Re:Advice (0)

Anonymous Coward | more than 4 years ago | (#32408896)

Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

How do you distinguish stupid shit from non-stupid non-shit without going ahead and clicking?

Re:Advice (0)

Anonymous Coward | more than 3 years ago | (#32411760)

Please, let me offer you some advice:
stop using Facebook.

Didn't work for me (1)

Phroggy (441) | more than 4 years ago | (#32407534)

I encountered this on Facebook a few minutes before seeing it on Slashdot. I'm not sure why, but it didn't work for me. Does Safari have any sort of built-in protections against this sort of thing? Or has Facebook blocked it already? Or did it just not work due to a bug somewhere?

Re:Didn't work for me (1)

WrongSizeGlass (838941) | more than 4 years ago | (#32407688)

Does Safari have any sort of built-in protections against this sort of thing?

It's not MS IE?

Re:Didn't work for me (1)

ducomputergeek (595742) | more than 4 years ago | (#32408342)

I saw it too, and same thing. Safari wouldn't do anything with the click. But I'm running Safari Ad Block, Flash Block, and a couple other plug ins that may have stopped it.

Re:Didn't work for me (1)

Firehed (942385) | more than 4 years ago | (#32409390)

It definitely works in Safari, though it's possible that Facebook has blocked the problem links. That said, check your "my profile" page as it doesn't show up in the homepage feed.

Interesting, but... (1, Funny)

Anonymous Coward | more than 4 years ago | (#32407680)

This has been going on for weeks; I received three at least two weeks ago. It wasn't that hard to realize it was malicious; my sister doesn't tend to care about how other women eat bananas.

Re:Interesting, but... (1, Interesting)

twidarkling (1537077) | more than 4 years ago | (#32407900)

I figured it was probably malicious, but it was from a friend who's usually on the up-and-up, so I jacked up my security temporarily, and clicked. When I got the big white page with "click to continue," yeah, that's confirmation. Not a single one of those is in any way legit. Ever.

lol, facebook (0, Flamebait)

netz95 (1813002) | more than 4 years ago | (#32407716)

I'm shocked this doesn't happen more often, 95% of facebook's users are complete idiots.

Re:lol, facebook (1)

dsoltesz (563978) | more than 4 years ago | (#32407872)

Yeah... one of my friends, who usually finds entertaining stuff, "liked" the prom dress page. He's intelligent and computer savvy. I'm probably intelligent and even more computer savvy, but the combo of my friend posting that title got me. The real "stupid shit" that folks are clicking is the giant "click here to continue" on the page. That's where common sense says "time to hit the Googles if ya really wanna know."

Re:lol, facebook (1)

alvinrod (889928) | more than 4 years ago | (#32408214)

Hell, half of the world's population is below the median for competency. I'd wager more than half is below the mean. This is especially true regarding competency regarding computers and the internet.

The only reason it doesn't happen more often is that stupidity-exploiting malice seems to be supply limited at this time.

Re:lol, facebook (0)

Anonymous Coward | more than 4 years ago | (#32409028)

Indeed, some even think that an idea like 'competency' can have a mean or median. Hint: What are units of competency? How do you quantify someone being twice as 'competent' as someone else?

Hoist by your own petard, methinks.

Fix is right here (3, Informative)

vlm (69642) | more than 4 years ago | (#32407758)

and offers advice on how to clean up affected Facebook profiles.

No problemo, just click right here:

http://www.facebook.com/group.php?gid=16929680703 [facebook.com]

The title is "How to permanently delete your facebook account." Or, is it?

Save the web.. (0)

Anonymous Coward | more than 4 years ago | (#32407852)

Use lynx.

Problem solved (0)

Anonymous Coward | more than 4 years ago | (#32407878)

Don't use Facebook, tadah.

New? (1)

Vegan Cyclist (1650427) | more than 4 years ago | (#32407922)

I got hit by this a few weeks ago, there was a similar 'Bet You Don't See...' item to Like. I had the impression it was going to be like the basketball/gorilla video, but it automatically invited all my friends, etc. There was no way (I could see) to not do it once you were sucked in.

I 'reported' it (although the Facebook 'report' button is entirely inadequate for this), and encouraged the friend I got this from to as well.

Why is this only coming up now? When I hit that page, it had already sucked in nearly 200,000 people. (ie, the number of 'Fans'.)

Culture20 likes you. (1)

Culture20 (968837) | more than 4 years ago | (#32407962)

I saw a lot of my friends get hit by something just like it, including a rick-roll. Every one of them said they didn't click "like" on the rick-roll site, but it showed up as a like on facebook anyway. Who wouldn't be curious enough to want to click on a "FriendX likes you. [example.com] " link? Thankfully I have a habit of checking the URLs on unusual facebook links. The strange part was there were many different URLs for the "you", so it looked like a "distributed" attack (FB couldn't just search for one URL).

Yep, saw it last night. (3, Informative)

dasunst3r (947970) | more than 4 years ago | (#32408058)

Out of curiosity, I opened the link in a separate browser without my Facebook login. It would then try to do a "security check" in which you have to answer a survey to prove that you're human. Being the smart Slashdotters we are, we know Captchas are how it's done. The main take-away: (1) Hover, look, and think before you click and (2) If the link goes outside Facebook, it is SPAM and should be reported.

I think I just got targeted from an ad. (1)

undecim (1237470) | more than 4 years ago | (#32408186)

While opening a bunch of feed items (including this one) which included several different websites, I was prompted to download "like.php" which is a kind of thing that happens when websites set bad headers...

None of my tabs failed to load, so I'm guessing this came from a rogue advert (?)

I don't have a facebook account though, so I'm not worried.

Could have been worse... (1)

ArsenneLupin (766289) | more than 4 years ago | (#32409406)

They could have combined it with the "history stealing" exploit [asp.net] , registered domains bananas.com [slashdot.org] and peaches.com [slashdot.org] , and picked for each victim the "appropriate" site to like.

Related exploit (1)

bbosh (1203578) | more than 4 years ago | (#32409448)

It is also worth pointing out another Facebook exploit which allows a page to 'run' Javascript on a Facebook page. It prompts the user to perform certain actions which copy-and-paste a 'javascript:' style URL to the address bar, and to click Enter to execute the Javascript. This also has the potential to spread fast by sharing it with all of your friends. See http://infinity-infinity.com/2010/05/facebook-exploit-social-engineering-javascript-injection/ [infinity-infinity.com] .

iFrames? (0)

Anonymous Coward | more than 4 years ago | (#32410706)

An iframe isn't an Apple product. It's an HTML tag. It's iframe.

This is why I have a separate FF profile for FB (1)

calmofthestorm (1344385) | more than 3 years ago | (#32411834)

To solve problems like this. No matter what Mark Z decides to Zuckerpunch my privacy settings into tomorrow or the next time he secretly changes them, or no matter what bullshit he opts me into, the rest of my web browsing (slashdot and wikipedia) will remain separate from FB's braindead "features".

I already removed almost all my personal info of course, but facebook is simply too big to close completely. It would close off a useful service. Again, it's not that I object to FB trying to make a profit to support a free service, I expect that. It's that I don't like being tricked and worn down into doing things I don't want.
