Facebook Like Worm: Troj/iframe-ET worm Alert!

Posted on 05 June 2010 by author

In a recent report, it was confirmed that Facebook edged out Google and Yahoo to become the most visited website in the United States for almost a week. This only proves that the social networking site had really been gaining fame and attention from most net users. However, with all these recognition is also the surfacing of different issues against the famous site. The site had been facing a lot of privacy concerns issues.

And just few days ago, another issue that will surely hurt the sites image had been known. A new clickjacking worm is said to be spreading within Facebook site. The said worm exists in the site’s LIKE feature. Since the site allows bloggers and web publishers to add a Like button to their posts, it has been famous to users. Sadly, it is now being used by hackers to direct users to a malicious web page that is inflicted with a malicious worm.

The facebook “Like” feature is a way to backlink or recommends to other users something that you liked or want to share as they view their Facebook profile wall. However, the feature is not as likable now as it was before. Some users had already fallen for this trick.  The said trick uses combination of social engineering and clickjacking to appear as if a user had just liked a link.

Hackers use an invisible iFrame to load Facebook’s Like button on top of a page. Since it will not appear suspicious, users would think of it to be just an ordinary Like button, and look liked they just click on the visible button but they had instead clicked on elements in the transparent iFrame.

Some of the messages that had included this worm are “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE”, “This man takes a picture of himself EVERYDAY for 8 YEARS!!”, “The Prom Dress That Got This Girl Suspended From School”, “This Girl Has An Interesting Way Of Eating A Banana Check It Out!”. Once one of these messages appear on the Facebook wall and had been liked,  the user would be taken to a blank site that would just contain the text, “Click here to continue” and clicking answer the page will then publish the same message to that user’s Facebook page.

Security from Sophos had recognized the linked pages as being infected with the Troj/iframe-ET worm.  Since users unintentionally end up recommending the page to their walls’, the worm easily and quickly spread. Once you had been infected with this worm, it is best to use a spyware removal tool.

However, to prevent being infected, users should view recent activities on the news feed and delete entries that seem to be unusual and suspicious. Also, check your profile and info pages to make sure that there are no related to the same sites added to your profile. See video clip for related facebook worm you should be aware of.


You might also like

Virus Alert: Worm on Facebook wall posts
Scientists Uploaded Worm’s Brain To LEGO Robot
Facebook Like Hack: “Shocking! This girl killed herself after her dad posted this photo” Virus
Conficker Worm: Threat Creates Buzz – Tips on Preventing and Removing the Anomaly
Thunderstrike 2 Worm Infects Macs Permanently, As Claimed

Story by

Tags: , , , , ,

One Comment

  1. Robert (Reply) Posted on January 6th, 2012 at 7:21 am

    Over 45,000 Facebook users have been targetted by the latest worm.
    Have linked to your archive Thanks Robert.


Sensible comments/suggestions are always appreciated.