Has ClickJacking Hit Facebook Again?

Yesterday (March 7, 2011) I received messages from two of my friends in Facebook. I checked one and it says "Hey what are you doing in this video?..." followed by a link that, appears to be, to another page in Facebook. When I clicked it however, I got an error page. I checked the other one and it says the same. I suspected that it was a form of malware, so I asked my friends regarding the messages, at least one said she did not send any message to me.

A few hours later, I logged in again and got the same message again from eight different persons who had never sent a message to me before. I noticed this time that the links-- that all starts with facebook.com -- are quite different. So I thought this could be a worm or another form of malware. I Googled for information and found out that a similar attack happened sometime in 2010.


In 2010, it was an exploit of a vulnerability of  Facebook in which it tricks the users to click on a link to page where apparently will 'like' a page without the user's knowledge.

Read the details here and here.

I found no updated information about this recent 'clickjacking' yet, but it is obviously not the first time that it happened in Facebook and probably not the last.

Just a word of caution, if your friend sent you a link and would look suspicious, at least ask your friend first if he/she really had sent that message and take extra precaution in opening any links.

Have a Safer computing.