Skip to main content

Facebook 'like' scheme uses Bieber as bait

By Christina Warren
Attack is using Facebook's new "like" feature to spread spammy links across the site.
Attack is using Facebook's new "like" feature to spread spammy links across the site.
STORY HIGHLIGHTS
  • Attack on Facebook uses Justin Bieber to spread fake links on users' pages
  • New attack doesn't otherwise appear harmful, but causes "link spam" across the site
RELATED TOPICS

(Mashable) -- Earlier this week, we reported on a new Facebook clickjacking scheme that takes advantage of the service's "Like" buttons; today a variation of that attack is starting to appear, this time using Justin Bieber as bait.

While the baited links in the last attack were focused on sensational, if generic, titles like, "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE," the new vector takes advantage of the popularity of YouTube star Bieber, as well as Paramore lead singer Hayley Williams.

The targeted links display text that says either, "Paramore n-a-k-ed photo leaked" or "Justin Biebers Phone Number Leaked!" In the case of the Paramore clickjack, users are then taken to a page that says "Click here to continue if you are 18 years of age of above."

Clicking anywhere on the site then launches an invisible iframe which contains a Facebook Like button, thus spreading the link to more and more users.

The Justin Bieber vector is actually even more clever. First, it takes you to a page that says "Click here to continue"  this is the invisible Facebook Like button  however, after clicking on the page, users are then given what is purported to be Bieber's phone number and address.

Unlike the previous attack, it doesn't appear that this clickjacking  or "likejacking" as some are calling it  attack has any malware or worms embedded on the serving websites.

Still, if you or someone you know falls victim to these fake links, you should remove the links from your "Likes and Interests" section on your Facebook profile page.

As far as clickjacking techniques are concerned, the use of the Facebook Like button iframe is one of the more clever methods we've seen.

We hope Facebook can address this issue and better control how the controls work, lest we all become inundated with spammy "Likes" across our news feeds.

© 2013 MASHABLE.com. All rights reserved.