Search This Blog

Showing posts with label Clickjacking. Show all posts

Clickjacking Vulnerability Spamming the User’s Facebook Wall


A Polish Security Researcher who works under the name of Lasq, found a malevolent spam campaign that spams the users' Facebook wall by exploiting the vulnerability. The said vulnerability came into his notice after he saw it repeatedly being abused by a Facebook spammer group.

The vulnerability as indicated by Lasq is known to reside in the mobile version of the Facebook for the most part through popups while the desktop version stays unaffected.

The link that is the root of all the spamming gives off an impression of being facilitated in an Amazon Web Services (AWS) bucket and diverts the user to a comic website, after they are requested to confirm their ages in French. In any case, even after the user has tapped on the link and done whatever it requested, it was still found to show up on the user's Facebook wall.

At the point when Lasq researched about this issue he found that the spammers were utilizing codes to abuse the IFrame component of Facebook's mobile sharing dialog. He tested for it then with the popular browsers, like the Chrome, Chromium, Edge, IE, Firefox and every other program which displayed X-Edge-Options error and thusly published a blog post with the technical subtleties. He suspected clickjacking.

Later he gathered that because Facebook had disregarded the X-Edge-Options header for the mobile sharing discourse, the "age verification" popup which displayed prior, skirted Facebook's system.


Lasq reached out to Facebook, yet shockingly they declined to fix the issue contending that it is operating in as intended and the case has been closed within 12 hours from an underlying report and clickjacking is an issue just when an attacker some way or another alters the state of the users' account.

On being reached by ZDNet, Facebook essentially stressed on the part that they are consistently enhancing their "clickjacking detection systems" to forestall spam.

Clickjacking vulnerability in Microsoft Social Network Socl

clickjacking

An Indian Security Researcher , Nikhil P Kulkarni, has discovered Clickjacking vulnerability in the Microsoft's Social network SOCL(so.cl).
Clickjacking, also referred as "User Interface redress attack" and "UI redress attack", is one type of website hacking technique where hacker use multiple transparent layers to trick a user into clicking on something different to what the user perceives they are clicking on.


In a POC provided to EHN, the researcher demonstrated the clickjacking vulnerability.  In a html file, the top layer says "click below to win your prize money". But , in background, the SOCL page was loaded. When a user click the "click here" button, it will post message in the victim's wall.

The researcher discovered the vulnerability in August and sent notification to Microsoft. Initially, Microsoft rejected it nearly 5 times and told researcher that it was not a vulnerability.

But recently, they realized that all his POC's were right and have rectified that vulnerability. They have decided to put his name in their hall of fame page.

Facebook Scam :At 17, she did THIS in public high school, EVERY day! Outrageous?


There is a video floating around facebook with a headlines that reads "[SHOCK] At 17, she did THIS in public high school, EVERY day! Outrageous?". Clicking the link leads you to the blogspot which pretends it is about to show you a video.

After analyzing the webpage, i found that the scam targets only users from Australia, U.S, Canada, South Africa,France, Ireland and UK. When a user from other countries try to visit the link, they will be redirected to google.com.

script used identify the country


The page pretends it is about to show you a video.However, the "play" button on the video hides a secret "Like" button, which means that you share the link even further across your social network by clickjacking - helping the scammers spread their link virally.

Facebook like script


There are numerous sites that mirror this. You should always be careful about what you click on on Facebook .

Few Attackers site

Laura Frisian: the most beautiful a** in the world! : Facebook Clicjacking Attack


David Jacoby @ Kaspersky Lab have spotted a Facebook Scam Video ,The video was of a girl with a nice butt and it had the title "Laura Frisian: the most beautiful a** in the world!"

If you follow the link in the video, it will end up in a splash page ,on this page you will be exposed to a clickjacking/likejacking attempt. This means that if you try to watch the video, or any other video on the page it will automatically post things on your Facebook wall. This require that you are logged in to Facebook or have been logged in and your cookie is still active. There are two different splash pages; 1. if you are loggedin to Facebook, it will ask you to share. 2. If you are not, it will show simple video.

The full landing page has different types of scam videos. Few examples are:
  • If you like Nutella, never look this video!!!
  • Drill a tooth abscess! Disgusting :s
  • Compilation of Embarrassing and Busted! Photos, Awesome :D
  • Transgender 10-Year-Old, Boy Happier As A Girl !
  • A Really Giant Baby ! Amazing it looks so real :D
  • Air Race Plane Crashed in the crowd during a show !
  • The worst thing that can happen to a girl!
  • A fisherman catches a couple when they make ... :D

It seems that the purpose of this scam is to expose you to ads, and also automatically get you to like certain ads. This will generate both traffic and money for the guys behind this.

if you see these kind of scams in Facebook, report it as spam, this will allow the Facebook Security Team to deal with this much faster.