by David Michmerhuizen – Security Researcher
Two weeks ago Facebook saw a wave of celebrity like-jacking attacks which Barracuda Labs detailed in a post describing their Open Graph underpinnings. Those attacks used teen celebrities as their bait – Justin Bieber and Miley Cyrus were prominent themes.
After a slight hiatus, the scammers are back with the same software but a different approach. They’re targeting a tried and true Internet meme – T & A.
Clicking on one of these links in a friend feed takes you away from Facebook to another site. In the previous campaign, these throw-away sites were registered with names like girl-gets-caught.info or daddy-bustedonline.info, and the scam pages were formatted to look like YouTube videos.
Now that they’ve added more salacious come-ons, at least some of the pages are formatted to look like gossip sites.
Just as before, this Web page uses the Open Graph API to construct a large ‘like’ button that appears to be a movie preview pane. Clicking on the preview pane does two things: it posts a ‘like’ message to your own news feed and then serves up a set of scammy surveys and questionable product offerings under the guise of a ‘security check’.
If you click all the way through any of these offerings, the like-jack page creators are paid a fee. Entering personal information into any of these ‘surveys’ is a great way to get on spam lists. Many of them solicit your cell phone number and then sign you up for unwanted premium SMS services which are placed on your cell phone bill each month.
Barracuda Networks recommends you exercise special care when visiting links posted in your friends’ news feeds. Barracuda Web Filters and the Barracuda Web Filtering Service block access to these sites.