PALO ALTO, Calif.—A somewhat nefarious worm has reportedly been making the rounds of Facebook profiles, spreading itself through member's Walls and redirecting those who click on its image to a porn site. The social networking behemoth says it has put an end to what it calls a clear case of "clickjacking."
The wall worm, which apparently spread quickly starting Sunday, posted an image on a Facebook Wall with a photo of a woman in a bikini and the message "click 'da button, baby." Wall posts are viewable by a Facebook user's friends.
"If a friend clicks on the image and is logged into Facebook," PC World reported Monday, "the image is then is posted to their own Wall. Their Web browser will then open a Web page with a larger version of the same image. A further click on "da button" redirects the friend to a pornography site."
According to Softpedia, the most recent attack doesn't appear to have had a malicious component and was most likely a proof of concept attack intended to show the effectiveness of clickjacking.
"Clickjacking is a term referring to an entire class of attacks that affect all browsers and involve overlapping hidden buttons onto visible ones. Therefore, when a user attempts to click the legit button in order to perform an apparently harmless action, their mouse click is hijacked and used to trigger an unintended one," writes Lucian Constantin. "A growing concern amongst the infosec community and browser vendors have yet to completely address it, the technique is actually exploiting an architectural flaw at the core of the Web; therefore, it is difficult to mitigate without breaking other legit functionality."
Facebook engineers reportedly jumped on the problem and say they have it under control.
"This problem isn’t specific to Facebook, but we’re always working to improve our systems and are building additional protections against this type of behavior," Facebook spokesman Simon Axten wrote in an email. "We’ve blocked the URL associated with this site, and we’re cleaning up the relatively few cases where it was posted (something email providers, for example, can’t do)."
It also appears a number of normally astute surfers were taken in by the ruse. "Facebook warned users not to click on suspicious links," writes PC. "However, in this case, the link doesn't stand out as necessarily suspicious given the variety of Wall postings, graphics and applications that appear all over the popular social-networking site.
"In fact, one security researcher inadvertently reposted the suspect graphic before realizing something wasn't right. 'This shows that even experts can become complacent and trust systems when they really shouldn't,' wrote Gadi Evron, an independent security researcher, on Dark Reading's blog."
