Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Security experts are warning of a clickjacking worm spreading via Facebook which tricks users into posting it on their status updates, although it does not appear to be malicious.According to F-Secure chief research officer Mikko Hyponnen, the worm posts the following message: "try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]".Clicking on the link takes users to another page which displays a fake error message.“If you click anywhere on the page, you will trigger a script that will try to post the same message to your Facebook wall,” Hyponnen explained in a blog post.“This is done with an invisible iframe that follows your mouse around — causing you to click on an invisible ‘publish’ button. In addition to the wall message post, nothing else happens.”Hyponnen added that the worm is “spreading like wildfire” with the domain referenced in the link, fbhole.com, pointing to an IP address in the Czech Republic.Sophos senior technology consultant Graham Cluley added that thankfully the worm seems to have been motivated out of mischief rather than a desire to make money.“Should we be surprised by this latest attack via Facebook? I don't think so,” he continued in a blog post.“One of the key findings of Sophos's 2010 Threat Report was about the astonishing 70 percent rise in reports of malware attacks via social networks. Facebook, in particular, was named the riskiest of the social networks by survey respondents.”
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.