Clickjacking Facebook worm spreading fast

Security experts are warning of a clickjacking worm spreading via Facebook which tricks users into posting it on their status updates, although it does not appear to be malicious.

According to F-Secure chief research officer Mikko Hyponnen, the worm posts the following message: "try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]".

Clicking on the link takes users to another page which displays a fake error message.

“If you click anywhere on the page, you will trigger a script that will try to post the same message to your Facebook wall,” Hyponnen explained in a blog post.

“This is done with an invisible iframe that follows your mouse around — causing you to click on an invisible ‘publish’ button. In addition to the wall message post, nothing else happens.”

Hyponnen added that the worm is “spreading like wildfire” with the domain referenced in the link, fbhole.com, pointing to an IP address in the Czech Republic.

Sophos senior technology consultant Graham Cluley added that thankfully the worm seems to have been motivated out of mischief rather than a desire to make money.

“Should we be surprised by this latest attack via Facebook? I don't think so,” he continued in a blog post.

“One of the key findings of Sophos's 2010 Threat Report was about the astonishing 70 percent rise in reports of malware attacks via social networks. Facebook, in particular, was named the riskiest of the social networks by survey respondents.”