Blog da Zscaler

Receba as últimas atualizações do blog da Zscaler na sua caixa de entrada

Inscreva-se
Security Research

An Example Of Likejacking (Facebook Clickjacking)

image
JULIEN SOBRIER
January 10, 2012 - 1 Min. de leitura
Last year, we released Zscaler Likejacking Prevention, a free browser extension to protect users from clickjacking leveraging Facebook widgets. Since then, I've seen many websites using Likejacking as their "business model" (i.e. this is how they get traffic to their spam site).

Usually, these spam websites try to get the user to click on a specific area of the page where they have hidden one or more 'Like' buttons. Recently, we found a website where the hidden Facebook 'Like' button follows the mouse throughout the page. No matter where you click, you hit the Like button.
 
Image
Hidden Like widget follows the mouse

The technique to hide the button, has however been seen previously. There are hidden DIV elements with the opacity set to 0.0.1, which makes them transparent, although they are in the foreground. The position is set to absolute so that it can move anywhere on the page.

Here is a video that explains how it works:
 
 
 

You can get the free Zscaler Likejacking Prevention extension for Firefox, Google Chrome, Safari and Opera on our website.
form submtited
Obrigado por ler

Esta postagem foi útil??

Receba as últimas atualizações do blog da Zscaler na sua caixa de entrada

Ao enviar o formulário, você concorda com nossa política de privacidade.