Last weekend several Facebook users were affected by a new clickjacking worm that tricks users into posting spam messages on their profiles. The worm is spreading like wildfire because it uses catchy headlines on trending topics from the last few months to lure Facebook users into clicking the link.
The message that the worm posts is:
"try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]"
Other messages used by the spammers included:
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"
"This man takes a picture of himself EVERYDAY for 8 YEARS!!"
"The Prom Dress That Got This Girl Suspended From School."
"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
Clicking on links like these takes users to an external page hosted on blogspot.com that shows only a “Click here to continue” link. However, clicking on any part of that page triggers a script which posts the same message on the user’s wall. Affected profiles show that they have “liked” these links and also recommend that other users click the link. So beware if you see any such links.
Experts say the worm does not appear to be malicious, but SophosLabs says the offending webpages are infected by Troj/Iframe-ET. They say it was created as mischief rather than to make money. The domain referenced in the messages, fbhole.com, points to an IP address in the Czech Republic.
If you feel that you have been hit by this attack, delete the entries related to the above links from the recent activity on your news feed. Also check your profile page: click on your Info tab and remove any of the pages from your “Likes and interests” section.