Preliminary analysis of Facebook Click-jacking Attack “Chica Sexy”
Came across a few interesting posts like this on my wall today.
All posts pointed to links of the form “http://dalefrases.com/chicasexy/ver-RANDOM-DIGITS.html”.
The page appears to be a simple “spammy” video page, but it had three like buttons hidden underneath the video by setting their opacity to zero.
It should be noted that it is tough, if not impossible, to prevent a click-jacking attack on the “like” button (unlike the “share” button, where a user is first redirected to Facebook).
The interesting aspect of this attack is that the prankster (or spammer?) probably understood that Facebook monitors viral URLs and that any spammy viral URL will get caught. The prankster therefore decided to generate URL patterns instead of single URLs, and as of now it seems that the technique has worked for him/her.
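The URL-pattern trick described above, seen from the detection side, as an added example that is not part of the original post: counting shares per exact URL misses a campaign whose links differ only in random digits, while counting per normalized template catches it. The function names, thresholds and share counts are assumptions, and the digits in the sample URLs are constructed; only the URL form comes from the post.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

DIGIT_RUN = re.compile(r"\d+")

def url_template(url):
    """Collapse every digit run in the path into a placeholder so that
    URLs differing only in random digits map to one template."""
    parts = urlsplit(url)
    path = DIGIT_RUN.sub("{N}", parts.path)
    return f"{parts.netloc.lower()}{path}"

def flag_viral(shares, per_url_limit, per_template_limit):
    """Return (urls_flagged, templates_flagged) for a list of shared URLs.

    urls_flagged: exact URLs shared at least per_url_limit times.
    templates_flagged: templates whose combined share count reaches
    per_template_limit, mapped to the number of distinct URLs behind them.
    """
    url_counts = Counter(shares)
    template_counts = Counter()
    template_urls = defaultdict(set)
    for url, n in url_counts.items():
        t = url_template(url)
        template_counts[t] += n
        template_urls[t].add(url)
    urls_flagged = sorted(u for u, n in url_counts.items() if n >= per_url_limit)
    templates_flagged = {
        t: len(template_urls[t])
        for t, n in template_counts.items()
        if n >= per_template_limit
    }
    return urls_flagged, templates_flagged

# Constructed sample: 40 one-off campaign URLs (made-up digits), plus two
# ordinary pages on placeholder domains shared 12 and 3 times.
SAMPLE_SHARES = (
    [f"http://dalefrases.com/chicasexy/ver-{1000 + i}.html" for i in range(40)]
    + ["http://news.example/story/2011/05/budget.html"] * 12
    + ["http://blog.example/post-7.html"] * 3
)

if __name__ == "__main__":
    urls, templates = flag_viral(SAMPLE_SHARES, per_url_limit=10, per_template_limit=10)
    print("flagged by exact URL:", urls)       # campaign URLs are absent here
    print("flagged by template:", templates)   # campaign template appears here
```

A template backed by many distinct URLs that each appear only once or twice is the signal worth reviewing; a template backed by a single popular URL is ordinary virality.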
Note: If this post appears on your wall, don’t panic; just delete it. This is only click-jacking/like-jacking, and the prankster won’t get your account credentials or any other information from your account.