Facebook 'Like' Compromised by Clickjacking Attack

Clicking on the links takes Facebook users to a page with a single line of text reading, 'Click here to continue'.  Clicking at any point on the page publishes the same message (via an invisible iFrame) to their own Facebook page in an attempt to aid the spread of the worm.

"What the hackers have done is really sneaky.  They hide an invisible button - using a hidden iFrame - under your mouse, so wherever you click your mouse-press is hijacked, secretly clicking on a button which tells Facebook that you 'like' the webpage.  This then gets published on your own Facebook page and shared with your online friends, resulting in the link spreading virally," explained Graham Cluley, Senior Technology Consultant at Sophos.  "Some of the pages ended up with hundreds of thousands of fans as a result.  Facebook needs to tighten up the way it handles the 'liking' of external webpages before it is more widely abused by malicious hackers and spammers."

Facebook users that have been affected should view the recent activity on their news feed and delete entries related to the offending links. In addition, they should view their profile, click on the 'Info' tab and remove any of the offending pages from the ‘Likes and interests’ section.