Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

S'abonner
Security Research

An Example Of Likejacking (Facebook Clickjacking)

image
JULIEN SOBRIER
janvier 10, 2012 - 1 Min de lecture
Last year, we released Zscaler Likejacking Prevention, a free browser extension to protect users from clickjacking leveraging Facebook widgets. Since then, I've seen many websites using Likejacking as their "business model" (i.e. this is how they get traffic to their spam site).

Usually, these spam websites try to get the user to click on a specific area of the page where they have hidden one or more 'Like' buttons. Recently, we found a website where the hidden Facebook 'Like' button follows the mouse throughout the page. No matter where you click, you hit the Like button.
 
Image
Hidden Like widget follows the mouse

The technique to hide the button, has however been seen previously. There are hidden DIV elements with the opacity set to 0.0.1, which makes them transparent, although they are in the foreground. The position is set to absolute so that it can move anywhere on the page.

Here is a video that explains how it works:
 
 
 

You can get the free Zscaler Likejacking Prevention extension for Firefox, Google Chrome, Safari and Opera on our website.
form submtited
Merci d'avoir lu l'article

Cet article a-t-il été utile ?

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

En envoyant le formulaire, vous acceptez notre politique de confidentialité.