A new type of worm is spreading rapidly throughout Facebook via the service's popular “Like” feature. This clickjacking worm has reared its ugly virtual head and has affected hundreds of thousands of Facebook users by making it look as if they clicked on the link to “like” it.
Various messages are being used as the text of the link, such as “The Prom Dress That Got This Girl Suspended From School”, “This man takes a picture of himself EVERYDAY for 8 YEARS!!” and “This Girl Has An Interesting Way Of Eating A Banana Check It Out!”. When a Facebook user clicks on this text to “like” it, he or she is taken to a blank web page that simply states, “Click here to continue.” Most people will go ahead and click the page at this point, and when they do, the same message is placed on their Facebook page.
Facebook users are also seeing comments that include an intriguing photo with a caption that reads “New Pix”. The link listed, fb.59.to, redirects users to a web page where they are given a fake Turing test. The blue button that the test tricks the unsuspecting user into clicking is actually the user’s “Share” button, positioned in such a way that it adds a new comment. When the button is clicked, the malicious link is shared.
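For anyone reviewing a suspicious page's saved HTML, the heuristic below flags social-widget frames that are styled to be invisible while still sitting where a click would land. It is an added example, not code from Sophos or Facebook. It assumes the hidden button is delivered in an iframe with inline styles; the host `social.example`, the function names and the sample markup are constructed placeholders.

```javascript
// Added example: heuristic scan of saved HTML for invisible framed widgets.
// WIDGET_HOSTS and SAMPLE_PAGE are constructed placeholders, not real data.
const WIDGET_HOSTS = ["social.example"];

// Turn an inline style string into a lower-cased property map.
function parseStyle(style) {
  const out = {};
  for (const decl of style.split(";")) {
    const i = decl.indexOf(":");
    if (i > 0) out[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return out;
}

// Read a quoted attribute value from a raw tag string ("" if absent).
function attr(tag, name) {
  const m = tag.match(new RegExp(`\\b${name}\\s*=\\s*("([^"]*)"|'([^']*)')`, "i"));
  return m ? (m[2] ?? m[3]) : "";
}

// Report frames from a widget host that are invisible yet still clickable.
function findHiddenWidgetFrames(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const src = attr(tag, "src");
    let host;
    try { host = new URL(src).hostname; } catch { continue; } // relative or bad URL
    if (!WIDGET_HOSTS.some(h => host === h || host.endsWith("." + h))) continue;
    const s = parseStyle(attr(tag, "style"));
    const reasons = [];
    if ("opacity" in s && parseFloat(s.opacity) < 0.1) reasons.push("near-zero opacity");
    if (/alpha\(opacity\s*=\s*0\)/.test(s.filter || "")) reasons.push("legacy alpha filter");
    if (reasons.length === 0) continue; // visible widget: normal embed
    if (/^(absolute|fixed)$/.test(s.position || "")) reasons.push("positioned overlay");
    findings.push({ src, reasons });
  }
  return findings;
}

// Constructed sample: one hidden overlay, one normal widget, one unrelated frame.
const SAMPLE_PAGE = `
<p>Click here to continue</p>
<iframe src="https://www.social.example/plugins/like?href=placeholder" style="opacity: 0; position: absolute; top: 0; left: 0"></iframe>
<iframe src="https://www.social.example/plugins/like?href=placeholder" style="width: 90px; height: 21px"></iframe>
<iframe src="https://video.example/embed/1" style="opacity:0"></iframe>`;

console.log(findHiddenWidgetFrames(SAMPLE_PAGE));
```

Only inline styles are inspected, so a page that hides the frame through a stylesheet or script would need a rendered-DOM check instead.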
The clickjacking worm on Facebook is very similar to another worm, called Fbhole, that made itself known on Facebook ten days ago. Since many Facebook users unintentionally end up suggesting the page to those in their Friends list, a worm such as this spreads very quickly.
A security firm called Sophos has discovered that the linked pages have been infected with a worm called Troj/iframe-ET. At this time, the worm does not seem to do much of anything except add likes to your news feed on Facebook. Anyone who suspects that they have been infected with this worm will definitely want to take action to get the worm off their system.
Sophos advises Facebook users to delete any entries in their news feed that seem to be related to these links. After this has been done, you should then check your profile page as well as your info pages to make sure that no links or pages connected to those web sites have been placed upon your profile page.