Hundreds of thousands of Facebook users have fallen for a social-engineering trick which allowed a clickjacking worm to spread quickly over Facebook this holiday weekend.
Affected profiles can be spotted because the Facebook user has apparently “liked” one of the spammers' links.
Messages seen being used by the spammers include:
"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
"This man takes a picture of himself EVERYDAY for 8 YEARS!!"
"The Prom Dress That Got This Girl Suspended From School."
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"
Clicking on the links takes Facebook users to what appears to be a blank page with just the message “Click here to continue”.
However, clicking anywhere on the page actually lands on a Facebook “Like” control loaded in an invisible iframe positioned under the cursor, so the same message is published to the victim’s own Facebook profile, in a similar fashion to the “Fbhole” worm we saw earlier this month.
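How a trap page of the kind described above is put together, and the check a site owner or tester would run to see whether a page can be framed that way at all, as an added example in JavaScript (Node.js). This is not code from the worm, from Facebook or from Sophos: the target URL, the header sets and the function names are made up for the illustration, and the header check is a generic one, not anything Facebook deployed.

```javascript
// Added example for the clickjacking worm described in the article.
// Not the worm's code and not Facebook's; all URLs and headers are constructed.

// 1. The lure. Visible text and an invisible cross-origin iframe occupy the
//    same screen area. The iframe comes later in the DOM, so it is painted on
//    top, and opacity:0 hides it; the victim's click goes to whatever button
//    the framed page puts there. targetUrl is assumed (hypothetical) to be a
//    page whose single click performs an action, such as a "Like" button.
function buildClickjackPage(targetUrl) {
  return [
    '<!doctype html><html><body>',
    '<p style="position:absolute;top:100px;left:100px">Click here to continue</p>',
    `<iframe src="${targetUrl}" scrolling="no" style="position:absolute;` +
      'top:88px;left:90px;width:140px;height:40px;opacity:0;border:0"></iframe>',
    '</body></html>',
  ].join('\n');
}

// 2. The defence lives on the framed site, not on the lure. Given a response
//    header map, decide whether an arbitrary attacker origin may frame the
//    response. Content-Security-Policy frame-ancestors takes precedence over
//    X-Frame-Options when both are present (CSP Level 2 behaviour).
//    Returns { framable: boolean, reason: string }.
function framingPolicy(headers) {
  // Header names are case-insensitive; repeated headers are joined with ", ".
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    h[key] = h[key] ? `${h[key]}, ${value}` : String(value);
  }

  const csp = h['content-security-policy'] || '';
  const directive = csp
    .split(';')
    .map((d) => d.trim())
    .find((d) => /^frame-ancestors\b/i.test(d));
  if (directive) {
    const sources = directive.split(/\s+/).slice(1).map((s) => s.toLowerCase());
    if (sources.length === 0 || sources.includes("'none'")) {
      return { framable: false, reason: "CSP frame-ancestors 'none'" };
    }
    if (sources.includes('*') || sources.some((s) => /^https?:$/.test(s))) {
      return { framable: true, reason: 'CSP frame-ancestors allows any origin' };
    }
    // 'self' or an explicit host list: a random attacker origin is not on it.
    return { framable: false, reason: `CSP frame-ancestors restricts to ${sources.join(' ')}` };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { framable: false, reason: `X-Frame-Options ${xfo}` };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    // Obsolete value: modern browsers ignore the whole header when they see
    // it, so it gives no protection at all.
    return { framable: true, reason: 'X-Frame-Options ALLOW-FROM is ignored by modern browsers' };
  }
  if (xfo) {
    return { framable: true, reason: `unrecognised X-Frame-Options value "${xfo}"` };
  }
  return { framable: true, reason: 'no framing restriction' };
}

// Constructed sample responses for the demo; not captured from any real site.
const SAMPLE_RESPONSES = {
  unprotected: { 'Content-Type': 'text/html' },
  sameOrigin: { 'content-type': 'text/html', 'X-Frame-Options': 'SAMEORIGIN' },
  cspOverridesXfo: {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "default-src 'self'; frame-ancestors *",
  },
  cspNone: { 'Content-Security-Policy': "frame-ancestors 'none'" },
};

// Evaluate every sample and return the verdicts keyed by name.
function demo() {
  const verdicts = {};
  for (const [name, headers] of Object.entries(SAMPLE_RESPONSES)) {
    verdicts[name] = framingPolicy(headers);
  }
  return verdicts;
}

console.log(demo());
console.log(buildClickjackPage('https://target.example/like?url=...'));
```

The point the check makes is that the lure page cannot be fixed by its victims or by the attacker's host: only the framed site can refuse to be embedded. A response with neither header, or one with only the obsolete `ALLOW-FROM` value, is exactly the kind of page a trap like this can sit on top of.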
At the beginning of this month I received an email telling me about someone new who had started following me on Twitter.
Their name was @canadianshop, and it was immediately apparent that they were promoting a Canadian online pharmacy via their account. These kinds of websites are frequently promoted in email spam.
Like every other time you receive a new follower on Twitter, the service reminds you that you can report them for spam:
If you believe canadianshop is engaging in abusive behavior on Twitter, you may report canadianshop for spam.
But for once I decided not to. After all, this account was clearly spammy and I was curious to see how long it would take before someone else reported them and their account was suspended.
That was 24 days ago. And despite the @canadianshop account making no attempt to hide who they are – even their background wallpaper uses familiar imagery used in hundreds of thousands of emails to promote medications like Viagra and Cialis – they remain active on Twitter.
At the time of writing the account is following over 2000 people, and has 589 folk following it back.
In addition to its activities on Twitter, the account has also created a number of custom bit.ly links to promote its online stores which redirect to Canadian Pharmacy websites like the one below:
So, let’s hope the account gets shut down soon. I’ve reported it to Twitter now, and also dropped a line to the folks at bit.ly about the links in case they want to take action against those.
As if anyone needed reminding, let me say it again: if you buy drugs online you’re not only putting your personal information at risk (remember, these guys are prepared to spam and use scummy tactics to promote their sites; they possibly wouldn’t flinch at doing something naughty with your credit card details), but you’re also potentially putting your health in jeopardy.
By Graham Cluley, Sophos
Folks can now help us conquer spam by calling our attention to a profile they find questionable. Click the “Report as spam” button under the Actions section of a profile’s sidebar and our Trust and Safety team will check it out to see what needs to be done. No automated action will be taken as a result of reporting a user as spam (in other words, it can’t be used to incite an angry mob against an account you don’t like.) And once you report a profile it will automatically be blocked from following or replying to you. You nailed it!
Our spam fighting tools will continue to evolve as new behaviors emerge, and as always, we’ll keep trust and safety at the top of our list.
by jennadawn from Twitter