Sophos poll claims that Facebook should do more to prevent clickjacking attacks

News by Dan Raywood

Facebook is not doing enough to prevent the continual problem of 'clickjacking' attacks.

Facebook is not doing enough to prevent the continual problem of 'clickjacking' attacks.

As detailed yesterday, the social networking site has been hit by ‘clickjacking' attacks, with the most recent over the last weekend. The attacks work by posting a link on a user's Facebook homepage stating that they 'like' a certain page. If other users visit it they get to an aptitude test, which tries to automatically charge them $10 a month on their mobile phone for more aptitude tests.

A poll by Sophos revealed that 95 per cent of respondents do not believe that Facebook is doing enough to stop them. The poll of 600 internet users asked: ‘Do you think Facebook is doing enough to stop clickjacking worms?'

Sophos said that although the attacks are yet to deliver malicious payloads, they demonstrate an exploitable weakness in the way that Facebook works, putting users at potential risk from further malware or phishing attacks.

Graham Cluley, senior technology consultant at Sophos, said: “Facebook clearly has not been security-conscious enough in the implementation of its social ‘like' plug-in.  This leaves the system open to abuse by spammers and scammers, and exposes users to the risk of outside threats.”

He suggested that one solution would be for Facebook to implement ways for members to make a more conscious decision as to whether they want to ‘like' third party content or not. By having a pop-up box asking whether users are sure they want to ‘like' a particular page, or offering the option to disable the third-party ‘like' feature entirely, Cluley believed that the spread of these attacks would be much easier to control.

“What's clear is that Facebook needs to set up a proper early-warning system to alert users about breaking threats. It seems wrong that the only place where Facebook users can read about the latest attacks is on the pages run by security vendors on Facebook, rather than Facebook's own security pages,” concluded Cluley.

Facebook has issued an update via its security page. It said: "Certain malicious websites can cause your browser to take action without your permission. For example, clicking on a link on one of these websites might cause the website to be posted to your Facebook profile. As always, beware of strange links, and if you see one, tell the friend who posted it."

PandaLabs technical director Luis Corrons said: “For the moment we've not seen any case of malware distribution, but it's just a matter of time. In the last weeks we've seen many cases which use baits like '101 Hottest Women in the World', 'Farmville' or 'Sex & the City 2', promising us to access the content about the topic of the site, to watch a video, etc. and the only thing that happens is that it is being distributed by appearing in Facebook and making all the friends that follow the link fall into the trap. My advice: be distrustful, don't trust anything and disable Javascript in your browsers.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews