It seems like Facebook is the hacking community's wet dream, the sunny playland that's always packed with childlike users who are easily convinced to hand over the keys to their privacy and security.
For about the last day or so a series of attacks have exploited Facebook's 'Like' feature through a simple clickjacking exploit. Using enticing subjects such as "This Girl Has An Interesting Way Of Eating A Banana!" or "The Prom Dress That Got This Girl Suspended From School", hackers have suckered Facebook users into participating in an attack that use web pages that make use of hidden iFrames whose goal is to trick users into saying they 'like' the content.
Users are taken to web page that's blank, except for the words 'Click here to continue'. Clicking anywhere on the page publishes the a message to their own Facebook page. Security blogger Graham Cluley says that hundreds of thousands of Facebook users have been hit, and my guess is that Graham's estimates are probably on the conservative side.
The pages are infected by Troj/Iframe-ET, according to Sophos. If you're foolish enough to still be using Facebook you should probably join the Sophos page on Facebook so you can be kept informed of the latest security threats. I mean, if you're going to play with fire you might as well wear gloves, right?
