Monday, October 18, 2010

Facebook Clickjacking Attack - How to Spot and Avoid

These "shocking videos" are the "bait" the clickjackers use to get access to your Facebook account. While at present they appear to be merely annoying, it is possible these types of attacks could turn malevolent in the future. And no, there is no "shocking" video... just SPAM.

Recently there have been a number of clickjacking attacks on Facebook that have spread like wildfire.

One of them, "OMG, I'll Never TEXT Again after seeing this!" with its "CLICK HERE TO VIEW" button, had over 1.8 million people "like" it.

And if you so much as clicked on the link, you "liked" it, too!

They may appear under different names, such as "OMG, I'll never eat at McDonald's Again!" or similar.

The basic premise is that if you click on the link, you will see this amazing video.

That is the "bait" they use to get you to click.

What are these all about and why?

So far, these "attacks" appear to be benign, perhaps just a probe of Facebook's defenses.

But they can cause problems for users, particularly if you grant an app access to your account.

The attack has two stages, which take advantage of Facebook's LIKE feature and its APPLICATIONS feature.

There is no real "link" in the first stage. The bait page stacks an invisible Facebook Like button (loaded in a transparent frame) on top of the "CLICK HERE TO VIEW" text, so the click you aimed at the video lands on Like instead. That automatically adds the page to your LIKES list, which is then posted on your wall and into your friends' news feeds.

Your friends may see this in their news feed, or on your wall if they visit your profile.

Since they think you really "LIKE" this link, they trust it (after all, you wouldn't "LIKE" a computer virus, would you?).

So they click on the link and thus "LIKE" it as well. In this manner it propagates like a virus across Facebook.

In no time at all, a million or more users can end up "liking" a page they don't like.
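To make the first stage concrete, here is an added example (not code from the original post, and not Facebook's code) with two parts: the shape of a "likejacking" bait page, where a transparent frame sits over a decoy button with the same geometry, and the check a site owner runs to learn whether a page of its own can be framed in the first place. Every URL below is a constructed placeholder; the `likeButtonUrl` argument stands in for whatever the attacker loads in the frame and is not a real Facebook endpoint.

```javascript
'use strict';

// Part 1: the bait page. The visible decoy is an ordinary button; a
// transparent <iframe> with the same position and size is stacked over it,
// so a click aimed at the decoy is delivered to whatever the frame holds
// (on the 2010 pages, a Facebook Like button). likeButtonUrl is a
// placeholder supplied by the caller, not a real Facebook address.
function buildLikejackPage(likeButtonUrl, decoyText) {
  const box = 'position:absolute;left:120px;top:240px;width:90px;height:24px;';
  return [
    '<!doctype html><html><body>',
    `<button style="${box}">${decoyText}</button>`,
    // opacity:0 hides the frame; z-index:2 keeps it above the decoy so it
    // still receives the click. The user sees only the decoy text.
    `<iframe src="${likeButtonUrl}" scrolling="no" style="${box}opacity:0;z-index:2;border:0"></iframe>`,
    '</body></html>',
  ].join('\n');
}

// Part 2: can a page served with these response headers be rendered inside
// a frame on embedderOrigin at all? Content-Security-Policy frame-ancestors
// decides when present; otherwise X-Frame-Options does.
function splitOrigin(s) {
  // Returns [scheme, host] lower-cased; scheme is '' when omitted.
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/\s]+)\/?$/i.exec(s.trim());
  return m ? [(m[1] || '').toLowerCase(), m[2].toLowerCase()] : ['', ''];
}

function sameOrigin(a, b) {
  const [as, ah] = splitOrigin(a);
  const [bs, bh] = splitOrigin(b);
  return as === bs && ah === bh;
}

// Match a CSP host-source such as https://*.partner.example against an origin.
function originMatches(pattern, origin) {
  const [pScheme, pHost] = splitOrigin(pattern);
  const [oScheme, oHost] = splitOrigin(origin);
  if (pScheme && pScheme !== oScheme) return false;
  if (pHost.startsWith('*.')) {
    const suffix = pHost.slice(1); // '*.partner.example' -> '.partner.example'
    return oHost.length > suffix.length && oHost.endsWith(suffix);
  }
  return pHost === oHost;
}

function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : headers[key];
}

// true  -> a page on embedderOrigin could frame (and so overlay) this page
// false -> the browser would refuse to render it inside that frame
function framingAllowed(headers, embedderOrigin, pageOrigin) {
  const csp = header(headers, 'content-security-policy');
  if (csp) {
    const directive = csp.split(';').map((d) => d.trim())
      .find((d) => /^frame-ancestors(\s|$)/i.test(d));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1).map((s) => s.toLowerCase());
      if (sources.length === 0 || sources.includes("'none'")) return false;
      return sources.some((src) =>
        src === '*' ? true
          : src === "'self'" ? sameOrigin(embedderOrigin, pageOrigin)
            : originMatches(src, embedderOrigin));
    }
  }
  const xfo = header(headers, 'x-frame-options');
  if (xfo) {
    const value = xfo.trim().toUpperCase();
    if (value === 'DENY') return false;
    if (value === 'SAMEORIGIN') return sameOrigin(embedderOrigin, pageOrigin);
    // ALLOW-FROM was never implemented by Chrome or Safari, and an
    // unrecognized value is ignored, so treat both as no protection.
  }
  return true;
}

// Stand-alone demo on constructed input.
console.log(buildLikejackPage('https://example.invalid/like-button', 'CLICK HERE TO VIEW'));
console.log('framable with DENY:',
  framingAllowed({ 'X-Frame-Options': 'DENY' }, 'https://evil.example', 'https://site.example'));
console.log('framable with no headers:',
  framingAllowed({}, 'https://evil.example', 'https://site.example'));
```

Two caveats worth keeping in mind. First, the Like button is designed to be embedded on other sites, so `framingAllowed` would (correctly) report it as framable; the header check protects your own pages and dialogs, while stopping likejacking itself is something only the Like button's owner can do on its side (for instance by asking for confirmation of suspicious likes). Second, the check treats `ALLOW-FROM` and unknown `X-Frame-Options` values as "framable", which is the attacker's-eye view rather than what every single browser does.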

To remove the LIKE part of this, you have to X out the entry on your wall (or news feed).

But all that does is get rid of the entry on your wall. It still appears in your LIKES section.

You then have to go to your PROFILE and EDIT it.

This is a little tricky, as the profile does not expand to show all of your LIKES at once.

It will show the LIKES on your profile. At the bottom it says SHOW ALL PAGES; click on that.

You may be surprised to see a lot of LIKES on there you don't like.

Click on REMOVE PAGE to remove pages you don't like.

Remove any you are not sure of, or that appear to be ads or these clickjack attacks.

Why do they make it so hard to remove LIKES?
Facebook apparently does this on purpose, as it allows advertisers to spread the word about things.

If you could see all your LIKES at once, you might realize what a whore you are for corporate America.

So, once you remove the postings from your wall and news feed and delete the LIKE, that's it? Not necessarily; there is a second stage.

You see, when you clicked on that link, it may have asked you a number of questions.

The questions appear innocuous, but they are a cover for getting you to click on a link that allows an "app" to be linked to your Facebook account.

Facebook will show a permission dialog saying that the "app" you are about to install will have access to your Facebook page and the ability to post to your wall (among other things).

Many people click through anyway. DON'T ever say "yes" to such apps. EVER.

Even if you refused, check whether the "app" ended up on your Facebook account anyway; if so, you will need to remove it.

Go to your Account menu and open its settings page.

Once on that page, the top item (APPLICATIONS AND WEBSITES) has an EDIT SETTINGS link. You can then remove applications you no longer want.

There is also a link to TURN OFF PLATFORM APPLICATIONS. If you are a FarmVille fan, this will shut down access to your FarmVille page.

If you don't use applications a lot, you may want to think about turning this thing OFF for good.  I did.

So....what is the deal with these "apps" and "likes" anyway?

These are the key to how Facebook makes money: by marketing to you and using your profile information.

If you type certain keywords on your "wall", you have probably already noticed how the sidebar ads relate to your topics.

Facebook is not a charity, but instead uses your demographic information for marketing.

The "legitimate" apps and likes are part of this strategy.

However, these new "rogue" apps seem to be trying to do something else; what that is, is not clear at present.

But once they have access to your facebook account, they can do a lot of things, such as posting obnoxious SPAM messages to your wall.

Here is a link to more information on this phenomenon with instructions on how to remove.

It is on the Sophos page and they, of course, want you to join their group (everyone is selling something!), which I do not think is necessary.