|
Graham Cluley, Sophos:
Facebook sues alleged clickjacking firm Adscend Media
January 29, 2012
Facebook has launched a lawsuit against the owners of Adscend Media,
alleging that they developed and encouraged others to spread spam using
a variety of tactics - including clickjacking.
Facebook users are too painfully familiar with scams which trick them
into completing online surveys or signing up for premium rate mobile
phone services.
Here's how a typical scam works.
A Facebook user is lured into clicking on a link, having been promised
the chance to see a shocking video or other salacious content.

However, when they reach the page they are often told that they must
complete an online survey or provide personal information first.
In the case of clickjacking, also known as likejacking, users are
tricked into clicking on an invisible "Like" button that follows their
mouse across the screen, not realising that they are recommending the
webpage to all of their Facebook friends.
No matter where you click on the webpage, whether it be "Lady Gaga found
dead in hotel room", "Japanese Tsunami Launches Whale Into Building",
naked photos of a female popstar or "101 Hottest Women in the World,"
you are actually clicking the Facebook Like button and further spreading
the spam.

Facebook and the US state of Washington have filed suits, alleging
violations of the CAN-SPAM Act and other laws, against Delaware-based
Adscend and co-owners Jeremy Bash of Huntington, West Virginia and
Fehzan Ali, of Austin, Texas.
According to Assistant Attorney General Paula Selis, who heads the
office’s Consumer Protection High-Tech Unit, at one point Adscend's spam
campaigns were earning the defendants $1.2 million a month.
How to clean up after a likejacking attack
If you made the mistake of clicking on a link spread via a scam message,
you should check your Facebook news feed and remove any offending links
that you might have spammed out to your friends. Hover your mouse over
the top right hand corner of the post and you should see a small "x"
which will allow you to remove it.
And if you entered your mobile phone number, you should keep a close
eye on your cellphone bill and notify your carrier to prevent bogus
charges from stinging you in the wallet.
Remember to be wary of any suspicious links. If you really want to watch
a video, chances are that it's available for free - without you having to
complete any surveys - on legitimate video sites like YouTube.
Going forward, it's essential that you stay informed about the latest
scams spreading fast across Facebook and other internet attacks. Join
the Sophos Facebook page, where more than 160,000 people regularly share
information on threats and discuss the latest security news.
Graham Cluley is senior technology consultant at
Sophos. Follow him on Twitter for regular updates. |