Facebook’s Like button is now available for use on sites external to Facebook.
What does this mean?
Well, basically you can ‘Like’ anything outside of Facebook (a blog post, an article, etc.) which then allows the story to appear in the user’s friends’ News Feed with a link back to the website. For legitimate websites this is great as it exposes your content to more users with a simple click of the mouse.
However, spammers are pretty clever folk and have, of course, found easy ways to exploit the Like feature, aka likejacking, and thus a new scam is born. The spammers use enticing link-bait to get innocent victims to click on the content, only to be faced with a blank page after clicking through. Spammers are good at exploiting our curiosity, whether it is celebrity gossip or the latest news headlines, so it’s not surprising that people will click on these links. The victims are then asked to ‘Click here to continue,’ which contains the clickjacking worm embedded via an invisible link. Clicking anywhere on the page results in the message being posted to your profile: it shows up as one of your Likes and in your News Feed, allowing the worm to spread further. And the viral cycle continues!
It’s not clear what exactly the goal is since the exploit appears to spread only on Facebook and doesn’t actually install anything on your computer. However, it is worthwhile to keep an eye on it since it could get more sophisticated with time.
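One way to keep an eye on it is to audit suspect pages for the hidden-Like pattern described above. The following is an added example, not part of the original post: it flags Like button iframes made transparent by an inline style on the frame or on an ancestor element. It assumes the button is embedded as an iframe loading `/plugins/like.php` from facebook.com; the function names and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LIKE_PATH = "/plugins/like.php"  # assumption: path the Like button iframe loads
OPACITY = re.compile(r"opacity\s*([:=])\s*([0-9]*\.?[0-9]+)", re.I)
VOID = frozenset("area base br col embed hr img input link meta source track wbr".split())

def is_like_frame(src):
    url = urlparse(src.strip())
    host = (url.hostname or "").lower()
    # The leading dot stops look-alike hosts such as notfacebook.com from matching.
    return ("." + host).endswith(".facebook.com") and url.path.lower() == LIKE_PATH

def is_transparent(style):
    # CSS opacity runs 0..1; the legacy alpha(opacity=N) filter runs 0..100.
    return any(float(v) < (0.1 if sep == ":" else 10)
               for sep, v in OPACITY.findall(style))

class LikeFrameAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hidden) for every open element
        self.findings = []  # (line, src) of each hidden Like frame

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or is_transparent(a.get("style") or "")
        if tag == "iframe" and hidden and is_like_frame(a.get("src") or ""):
            self.findings.append((self.getpos()[0], a["src"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit(html):
    parser = LikeFrameAuditor()
    parser.feed(html)
    return parser.findings

# Constructed sample markup: one hidden Like frame, then one visible one.
SAMPLE = """<div style="position:absolute; opacity:0.0">
<iframe src="https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.invalid%2F"></iframe>
</div>
<iframe src="//www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.org%2F" style="opacity:1"></iframe>"""
```

`audit(SAMPLE)` reports only the frame on line 2. Transparency applied through external stylesheets or script is outside what this static check sees.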