Tuesday, June 1, 2010

Clickjacking Worm Infects Facebook Over Memorial Day Weekend

A few weeks back, I told you how my Facebook account had been compromised on two occasions. I logged in to my account to find someone had posted advertisements/spam on my wall, and told all my friends not to click on anything like that. According to sources, a "clickjacking" worm infected thousands across the social network.

The technical term for "clickjacking" is "URL redressing," and it works by controlling infected users' mouse clicks through various methods. Clickjackers sometimes superimpose transparent buttons over legitimate ones, so that users unwittingly click the malicious button, which often takes them to a page other than the one for which they were looking. Clickjackers can also assume control of an infected user's mouse to make changes to his computer and settings. A 2009 case - the one which brought URL redressing to the fore - saw hackers turning on infected users' webcams and microphones.

The Facebook worm apparently does nothing destructive. It posts innocuous headlines on infected users' profiles and, when others click through, takes them to Blogspot blogs that say "Click to Continue." When viewers follow those instructions, a similar spam message is posted to their profiles.

There are ways to customize your Java and JavaScript settings, but add-ons like NoScript and QuickJava simplify these operations. If you have little or no experience with these settings, be sure to do some research before you start making changes; you could unintentionally disable features you regularly use, or lock yourself out of websites you visit often.

© C Harris Lynn, 2010
