by Nidhi Shah, research scientist
Many Facebook users have long waited for a Dislike button, and this post is to inform them that their wait is *not* yet over. The latest scam making the rounds on Facebook offers to add a “Dislike Button” to your profile.
However, clicking on the link to Activate or Enable the feature will only lead you to various, and typical, malicious offerings such as likejacking, RogueAV, drive-by downloads or survey scams.
The most interesting thing we noticed with this one is how creative the bad guys are getting about the distribution of their malicious apps. They are no longer simply exploiting a user’s inherent trust in Facebook via an app, most likely because that method is getting some attention and risks being taken down. Instead, they are using other venues that have a user’s trust and also allow them to distribute their apps, e.g. a Mozilla add-on or Chrome plugin.
Once installed, these plugins have the ability to intercept and add code to a user’s Facebook profile and any other website he or she may browse. One such plugin inserts rotating ads whenever the victim browses Facebook. While these ads may sound benign, ad networks have been compromised in the past and suffer from what is known as malvertisement.
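To see which installed extensions have that reach, a defender can read each extension's `manifest.json` and list the host patterns it requests. The script below is an added example, not part of the original post; the function names and both sample manifests are constructed for illustration, and it assumes the standard Chrome manifest keys `content_scripts`, `permissions` and `host_permissions`.

```python
import json

def reaches(pattern, site):
    """Return 'all sites', the site name, or None for one match pattern."""
    if pattern == "<all_urls>":
        return "all sites"
    _scheme, sep, rest = pattern.partition("://")
    if not sep:                      # API permission such as "tabs", not a host
        return None
    host = rest.split("/", 1)[0]
    if host == "*":
        return "all sites"
    if host == site or host.endswith("." + site):
        return site
    return None

def audit(manifest, site="facebook.com"):
    """Return (extension name, [(pattern, reach), ...]) for risky patterns."""
    patterns = []
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    # Manifest V2 lists hosts under "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "host_permissions"):
        patterns += [p for p in manifest.get(key, []) if isinstance(p, str)]
    findings = []
    for p in patterns:
        reach = reaches(p, site)
        if reach:
            findings.append((p, reach))
    return manifest.get("name", "?"), findings

# Constructed sample manifests (not taken from any real extension).
SAMPLE_SCAM = json.loads("""{
  "name": "Dislike Button (constructed sample)",
  "content_scripts": [{"matches": ["*://*.facebook.com/*"], "js": ["inject.js"]}],
  "permissions": ["tabs", "<all_urls>"]
}""")
SAMPLE_BENIGN = json.loads("""{
  "name": "Notes (constructed sample)",
  "content_scripts": [{"matches": ["https://example.org/*"], "js": ["notes.js"]}],
  "permissions": ["storage"]
}""")

if __name__ == "__main__":
    for manifest in (SAMPLE_SCAM, SAMPLE_BENIGN):
        name, findings = audit(manifest)
        print(name, findings or "no Facebook or all-site access")
```

A non-empty result is a prompt for review, not a verdict: many legitimate extensions also request broad host access.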
The bottom line? As much as we might like to have it, there is no Dislike button just yet. Facebook users, and those browsing the Web in general, should remain extra careful before giving any apps access to their browsing machine.