Zscaler ThreatLabZ Releases Free Browser Tool to Combat Facebook “Likejacking”

SUNNYVALE, Calif., Sept. 26, 2011 /PRNewswire/ — Zscaler, The Cloud Security Company, today announced the release of a free security tool that consumers can download from the web to protect themselves against malicious threats, scams and spam propagated on Facebook through a technique called “Likejacking.” The latest free consumer security tool developed by Zscaler ThreatLabZ – the company’s research arm – Zscaler Likejacking Prevention is available today as a plug-in for Firefox, Chrome and Safari browsers.

Zscaler ThreatLabZ has seen Likejacking attacks grow to become the most common social engineering threat encountered on Facebook today, with unsuspecting users and their friends falling victim daily. Likejacking is a form of Clickjacking, in which people are surreptitiously tricked into clicking one or more hidden links on a web page. With Likejacking, attackers exploit the Facebook “Like” button and other widgets (including the latest announced “Listened,” “Watched” and “Read” gestures, the game “Challenge” button, and even the “Dislike” button if implemented) by getting people to click them. The “Like” buttons are often hidden transparently behind a “Play” or other button, so that the user clicks without knowing that they have just unintentionally “Liked” something; this causes the content to appear in their friends’ News Feeds with a link back to the “Liked” website. As a result, the content can spread virally very quickly from network to network, enabling the attacker to spread malicious links, propagate spam and conduct other types of social engineering attacks.

“Our findings are consistent with other security researchers, who estimate that approximately 15 percent of Facebook videos alone are, in fact, Likejacking attacks,” said Julien Sobrier, senior researcher, Zscaler ThreatLabZ, and developer of the new Zscaler Likejacking Prevention tool. “In 2010, for example, hundreds of thousands of Facebook users fell victim to a single scheme alone.”
