5:49 pm (UTC-7) | by Robert McArdle (Senior Threat Researcher)
“Liking” just about every fan page or group you stumble upon on Facebook may backfire someday, and you’ll wish you hadn’t “liked” it at all.
The code that users are prompted to enter into the address bar appears as such:
Going through this code step by step, it appears that it is meant to keep the specified page element hidden. It also overwrites the contents of a separate specified page element with that of another page element. The code also creates a simulated mouse click on the “suggest” element of the page. The code toward the end sets five-second timers that click items found in the suggestion box, which selects all of the user’s Facebook contacts and suggests the application to them. It then creates a simulated mouse click on the “like me” element of the page. While this code does not pose any other immediate threat apart from spamming Facebook walls and requests, there is nothing stopping cybercriminals from using these techniques to spread malware.
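The behaviors described above can be turned into a simple triage check for text that a user has been told to paste into the address bar. This is an added example, not code from the original post or from Facebook; the function name, trait names, verdict labels, and the element IDs in the constructed sample are all assumptions.

```javascript
// Added example: flag address-bar input that matches the behaviours the article
// describes (hidden element, overwritten element, simulated clicks, timers).
const TRAITS = [
  { name: "hides-element", re: /\.style\.(display|visibility)\s*=\s*['"](none|hidden)['"]/i },
  { name: "overwrites-element", re: /\.innerHTML\s*=(?!=)/i },
  { name: "synthetic-click", re: /\.click\s*\(|dispatchEvent\s*\(/i },
  { name: "timer", re: /\bset(Timeout|Interval)\s*\(/i },
];

// Mirror URL parsing: drop tab/CR/LF anywhere, then trim leading and
// trailing control characters and spaces before looking at the scheme.
function normalize(input) {
  return input.replace(/[\t\n\r]/g, "").replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
}

function triageAddressBarInput(input) {
  const text = normalize(input);
  // Ordinary URLs are out of scope for this check.
  if (!/^javascript:/i.test(text)) return { verdict: "allow", traits: [] };

  // The script body may be percent-encoded; decode it before matching.
  let body = text.slice("javascript:".length);
  try {
    body = decodeURIComponent(body);
  } catch (e) {
    // Malformed escapes: fall back to scanning the raw text.
  }

  const traits = TRAITS.filter((t) => t.re.test(body)).map((t) => t.name);
  // Any script URI deserves a warning; simulated clicks act on the user's behalf.
  const verdict = traits.includes("synthetic-click") ? "block" : "warn";
  return { verdict, traits };
}

// Constructed sample with placeholder element IDs; it is not the code from the attack.
const SAMPLE =
  "javascript:(function(){var a=document.getElementById('elem-a');" +
  "a.style.display='none';document.getElementById('elem-b').innerHTML=a.innerHTML;" +
  "setTimeout(function(){document.getElementById('elem-c').click();},5000);})();";

console.log(triageAddressBarInput(SAMPLE));
```

The patterns are heuristics for triage and awareness training; script that is obfuscated beyond percent-encoding will not match them.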
TrendLabs℠ senior advanced threats researcher Ryan Flores thinks it is interesting to note the user interaction involved in this method. He said, “(Because) Facebook is actively filtering spam URLs, spammers are becoming more clever in pushing spam sites without immediately posting actual spam URLs.” He believes this method is no longer new, citing as examples nonclickable spam URLs delivered as .JPG pictures, which instructed users to type the URL shown in the image into the browser’s address bar.
Fortunately, because this threat depends so heavily on user interaction, it is preventable. Users must always be wary of possible fake applications on Facebook and avoid following dubious instructions similar to the ones used in this attack.