Sunday, March 13, 2011

Japanese Tsunami event used in Likejacking Attack

We all know what happened in Japan last Friday, and almost everyone is curious and wants to see pictures, videos and so on about the event.

While browsing Facebook, I saw the post below in my news feed.
Figure A. FB Post

I clicked the link in the Facebook post above and landed on the site below, which looked very suspicious.

Figure B. The site

Then I started to analyze it and found out that this is another Facebook likejacking.

Again, it is the same technique as before: a hidden iframe conceals the Like button for the page.
Figure C. Hidden iframe

It also contains code that makes the hidden iframe follow the mouse wherever it goes, so that when the user clicks the fake play image, the click actually lands on the Like button and the user likes the page without their consent.

Figure D. Mouse event
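The two indicators described above (a visually hidden iframe loading the Like plugin, plus a mousemove handler that repositions it under the cursor) can be checked for mechanically. The following is an added example written for this post, not code taken from the malicious site or from Facebook: it parses page HTML with Python's standard library and flags the combination. The sample pages are constructed, and the `href=EXAMPLE` value is a placeholder rather than the real page's URL. It is a heuristic only; real pages may obfuscate the script or hide the frame by other means (tiny size, off-screen positioning), so treat a hit as a reason to look closer, not as proof.

```python
import re
from html.parser import HTMLParser


class FrameScanner(HTMLParser):
    """Collect <iframe> attributes and inline <script> bodies from a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []       # one attribute dict per <iframe>
        self.scripts = []       # one string per inline <script>
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data


# Styles that make an element present for clicks but invisible to the user.
HIDDEN_RE = re.compile(
    r"opacity\s*:\s*0(\.0+)?\s*(;|$)|visibility\s*:\s*hidden"
    r"|filter\s*:\s*alpha\(opacity\s*=\s*0\)", re.I)
# The Facebook Like plugin endpoint (assumed path, used here as an indicator).
LIKE_RE = re.compile(r"facebook\.com/plugins/like", re.I)
# A mousemove handler that rewrites an element's position from the cursor.
MOUSE_RE = re.compile(r"onmousemove|addEventListener\(\s*['\"]mousemove['\"]", re.I)
REPOSITION_RE = re.compile(
    r"style\.(left|top)\s*=.*\b(pageX|pageY|clientX|clientY)\b", re.I)


def scan_for_likejacking(html: str) -> dict:
    """Return the indicators found and an overall verdict for one page."""
    parser = FrameScanner()
    parser.feed(html)

    findings = []
    for index, frame in enumerate(parser.iframes):
        reasons = []
        if HIDDEN_RE.search(frame.get("style", "")):
            reasons.append("iframe is visually hidden")
        if LIKE_RE.search(frame.get("src", "")):
            reasons.append("iframe loads the Facebook Like plugin")
        if reasons:
            findings.append({"iframe": index, "reasons": reasons})

    follows_mouse = any(MOUSE_RE.search(s) and REPOSITION_RE.search(s)
                        for s in parser.scripts)
    hidden = any("iframe is visually hidden" in f["reasons"] for f in findings)
    like_plugin = any("iframe loads the Facebook Like plugin" in f["reasons"]
                      for f in findings)
    return {
        "frames": findings,
        "follows_mouse": follows_mouse,
        # A hidden frame that either carries the Like button or tracks the
        # cursor is the pattern described in the post.
        "likejacking_suspected": hidden and (like_plugin or follows_mouse),
    }


# Constructed sample mimicking the pattern in Figures C and D (not the real page).
SUSPICIOUS_HTML = """<html><body>
<img id="play" src="play.png">
<iframe id="fb" src="https://www.facebook.com/plugins/like.php?href=EXAMPLE"
        style="opacity:0; position:absolute; width:50px; height:20px;"></iframe>
<script>
document.onmousemove = function(e) {
  var f = document.getElementById('fb');
  f.style.left = (e.pageX - 20) + 'px';
  f.style.top  = (e.pageY - 10) + 'px';
};
</script>
</body></html>"""

# Constructed benign sample: a visible Like button and no cursor tracking.
BENIGN_HTML = """<html><body>
<iframe src="https://www.facebook.com/plugins/like.php?href=EXAMPLE"
        style="width:450px; height:80px;"></iframe>
<script>console.log('page loaded');</script>
</body></html>"""


if __name__ == "__main__":
    for name, page in (("suspicious", SUSPICIOUS_HTML), ("benign", BENIGN_HTML)):
        print(name, scan_for_likejacking(page))
```

Running the block prints a verdict for each constructed sample; the suspicious page trips all three indicators, while the benign page only shows a visible, stationary Like plugin and is not flagged.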

As of this writing, the figure below shows the total number of likes on the site, which is the number of users tricked by it.
Figure E. The likes

If you think you were tricked by this site, visit the link below and UNLIKE the page (Note: if you do not see the Unlike button, just leave the page and DO NOT CLICK THE LIKE BUTTON):

Be aware of these kinds of attacks. There are ways to tell whether a site is suspicious, especially in this case (Figure B): the site carries a YouTube logo but is not actually the YouTube website. From that point on you should know that continuing to browse the page may cause you trouble.