Sunday, May 22, 2011

Facebook "First Exposure: iPhone 5" Clickjacking Attack Spreading Virally

By Cesar Ortiz
After wearing out the “Bill Laden” and the “Who did not like you” attacks, hackers have resorted to this latest trick to force you to view a multitude of Internet-based advertisements, some legitimate and some scams in themselves. What can you expect from someone who tricks you into viewing web pages by clickjacking? Every ad you are taken to earns the hacker money for the hit. The sad part is that some unscrupulous and ill-intentioned thieves pay these scammers to lure you to their advertising, or it may be legitimate advertisers desperate enough to use the hacker’s services. The result is a waste of manpower and money and, in worst-case scenarios, fraud, damage to your computing device and even identity theft.

This newest scam is based on users' interest in the next generation of iPhone. Facebook users may see some of their friends comment on a link that looks like news about the iPhone 5. Assume that you are the victim. The link takes you to the website "greatlakesnews. info" and from there to different web pages. The first is a page with a captcha window asking you to verify a word; this is to make sure that the link is not being scanned by an automated robot or anti-virus software. Once you enter the captcha and the hacker's program verifies that you are a human being and not a robot, it immediately begins the attack by posting a message to all your friends indicating that you have commented on that news item. The message gives all your friends a fake iPhone 5 news link like the one you received, thereby spreading the scam. As far as I know, this attack is mainly based on forcing you to view advertisements.

To remove this hack, users will have to do three things: (1) Remove the subject messages by clicking on the small “x” to the right of the message; this stops the scam from spreading to your friends. (2) Remove any related application in the “Profile Information”, “Privacy settings”, “Application websites”, such as “First Exposure: iPhone 5”. (3) Make sure you notify your friends that you were infected so that they can clean up their own accounts.
