For those of you who want to learn how to stop malicious scripts (including non-malicious scripts) from executing in a browser, I suggest you read “How to manage website scripts using browser addons”. Here is a simple example of a likejacking attack:
- Fake videos or provocative images are published on Facebook and propagate from one friend to their friends, and so on
- The user is socially engineered into clicking a button/link to view the video(s) or image(s), using an enticement (e.g. an online survey or special promotion)
- Hidden underneath the video or image will be a “Like” button, using what we call in the coding industry ‘UI redressing’. This is when users are redirected to the malicious website
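
As an added illustration (not code from the original post), here is a defensive heuristic a script-managing addon could apply to the pattern above: it flags a Facebook Like-button iframe that is nearly transparent and overlaps a visible control such as a play button. The descriptor fields, the 0.1 opacity threshold and the sample data are assumptions; in a browser the values would come from `getComputedStyle()` and `getBoundingClientRect()`.

```javascript
// Heuristic check for a concealed "Like" iframe placed over a visible control.
// Field names and the opacity threshold are assumptions for illustration.
const LIKE_PATH = /^\/plugins\/like\.php$/;

// True only for the Like plugin served from facebook.com or a subdomain.
function isLikeWidget(src) {
  try {
    const u = new URL(src);
    return /(^|\.)facebook\.com$/.test(u.hostname) && LIKE_PATH.test(u.pathname);
  } catch (e) {
    return false; // relative or malformed src
  }
}

// Axis-aligned rectangle intersection test.
function overlaps(a, b) {
  return a.x < b.x + b.w && b.x < a.x + a.w &&
         a.y < b.y + b.h && b.y < a.y + a.h;
}

// Report Like iframes that are near-invisible and stacked over a control.
function findRedressedLikes(frames, controls) {
  const findings = [];
  for (const f of frames) {
    if (!isLikeWidget(f.src) || f.opacity >= 0.1) continue;
    for (const c of controls) {
      if (f.zIndex > c.zIndex && overlaps(f.rect, c.rect)) {
        findings.push({ src: f.src, coveredControl: c.label });
      }
    }
  }
  return findings;
}

// Constructed sample page: one concealed Like frame, one normal Like
// button, and one unrelated transparent frame.
const LIKE_SRC =
  "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2F";
const sampleFrames = [
  { src: LIKE_SRC, opacity: 0, zIndex: 10, rect: { x: 100, y: 200, w: 80, h: 30 } },
  { src: LIKE_SRC, opacity: 1, zIndex: 1, rect: { x: 600, y: 20, w: 80, h: 30 } },
  { src: "https://video.example.test/embed/1", opacity: 0, zIndex: 10,
    rect: { x: 100, y: 200, w: 80, h: 30 } },
];
const sampleControls = [
  { label: "Play video", zIndex: 1, rect: { x: 90, y: 190, w: 120, h: 60 } },
];

console.log(findRedressedLikes(sampleFrames, sampleControls));
```

Only the first sample frame is reported; the visible Like button and the unrelated transparent frame are ignored.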
Lastly I suggest you review your news feed and delete any offending items. Notify your friends too. You can remove any items from the ‘Facebook Timeline – it’s your final decision’, which for me provides more flexibility and control (using ‘Activity Log’) of news and status/news updates than the previous version. This might come as a surprise to some of my readers, but rest assured you’ll know what I mean when you start using the Timeline Activity Log.
Safe surfing folks!