Hundreds of thousands of Facebook users were hit over the holiday weekend by a trick that spreads a clickjacking worm once the victim has been fooled into “liking” a page. Once that is done the action installs a Trojan and recommends the page to the victim’s friends.
According to security firm Sophos, which has taken to calling this type of exploit “likejacking,” the viral “Like” worm spotted last weekend was working its way across Facebook with messages that include the following:
“LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.”
“This man takes a picture of himself EVERYDAY for 8 years!!”