[WASC-WHID] WHID 2011-45: Facebook users subjected to more clickjacking

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:05:58 EDT 2011


*Entry Title: *WHID 2011-45: Facebook users subjected to more clickjacking
*WHID ID: *2011-45
*Date Occurred: *February 22, 2011
*Attack Method: *Clickjacking
*Application Weakness: *Application Misconfiguration
*Outcome: *Fraud
*Attacked Entity Field: *Web 2.0
*Attacked Entity Geography: *USA
*Incident Description: *Facebook users have been subjected to another round
of clickjacking attacks that force them to authorize actions they had no
intention of approving.
The latest episode in this continuing saga, according to Sophos researchers,
is a set of campaigns aimed at Italian-speaking users of the social network.
The come-ons promise shocking videos about such things as the real
ingredients of Coca Cola. Instead, users are forced into registering their
approval of the videos using Facebook's “Like” button.
*Mass Attack: *No
*Reference: *
http://www.theregister.co.uk/2011/02/22/facebook_clickjacking_attacks/
*Attack Source Geography: *
*Attacked System Technology: *Facebook