Facebook users looking to avoid becoming victims of likejacking (a hack that puts unwanted likes on your profile) now have access to another weapon for their arsenal, free of charge, from cloud security company Zscaler.
Zscaler Likejacking Prevention is available as a plug-in for Firefox, Chrome, and Safari, and it combats likejacking, in which attackers attempt to exploit Facebook members’ usage of the like button by tricking them into clicking hidden like buttons and unintentionally liking pages or products, which, in turn, appear on their friends’ newsfeeds and spread virally.
Zscaler added that Zscaler Likejacking Prevention will also protect users against intrusions via the upcoming variations on the like button, including listened, watched, read, challenge (in games), and, if it is ever deployed, the dislike button.
Zscaler ThreatLabZ Senior Researcher and Likejacking Prevention Developer Julien Sobrier said:
Our findings are consistent with other security researchers, who estimate that approximately 15 percent of Facebook videos alone are, in fact, likejacking attacks. In 2010, for example, hundreds of thousands of Facebook users fell victim to a single scheme alone.
Attackers are constantly developing and engineering new tactics and, unfortunately, traditional security products often lack the kind of protection users need to defend themselves. As Web 2.0 sites increase their use of social plug-ins such as the Facebook like button, attackers are shifting to malicious clickjacking techniques, which are not being detected by browsers. Proactive tools like the new Zscaler Likejacking Prevention app will provide simple yet effective protection against likejacking and any type of clickjacking impacting Facebook widgets.
Vice President of Security Research Michael Sutton added:
Communication mediums on the Internet have shifted and attackers have quickly adapted. Whereas spam email was once the communication medium of choice for attackers, they now leverage social networks to communicate with victims. Overall, Facebook is a more effective social engineering tool because, when exploited, the communication is coming directly from a trusted source. Unfortunately, browsers remain vulnerable to web-based attacks such as likejacking, and mobile browsers and traditional security solutions have failed to address this threat.
Readers, have you been likejacked?