Try not to laugh xD: Worm spreads via Facebook status messages

May 21, 2010 by admin
Filed under Security News

A clickjacking worm spread quickly across Facebook earlier today, tricking users into posting it to their status updates.

try not to laugh Try not to laugh xD: Worm spreads via Facebook status messages

The worm, which some have dubbed Fbhole because of the domain it points to, posts a message like the following:

try not to laugh xD http://www.fbhole.com/omg/allow.php?s=a&r=<random number>

Clicking on the link would display a fake error message that would trick you – through a clickjacking exploit – to invisibly push a button that would publish the same message to your own Facebook status update. We’ve seen clickjacking exploited by hackers before in attacks on social networks, for instance in the “Don’t click” attack seen on Twitter in early 2009.

READ MORE…. and see the video

Tags: Attacks, Facebook, Fake, fake error message, social network, Social Networks, Sophos, Spread, status messages, status updates, WARNING