A new Facebook "clickjacking worm" lured hHundreds of thousands of Facebook users into a social-engineering trick which allowed a clickjacking worm to spread quickly over Facebook this holiday weekend. The technique is - when you "Click here to continue" you're in fact clicking an invisible link (detected as Troj/Iframe-ET) which marks the website as one that you "like" in Facebook. This of course posts a message to your newsfeed, your friends see it and click on it, and so it spreads. Messages seen being used by the spammers include:
- "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
"This man takes a picture of himself EVERYDAY for 8 YEARS!!"
"The Prom Dress That Got This Girl Suspended From School."
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"
If you may have been hit by this attack, view the recent activity on your news feed and delete entries related to above links. Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your "Likes and interests" section.