back to article 'Clickjacking' worm hits hundreds of thousands on Facebook

A vulnerability on Facebook forced hundreds of thousands of users to endorse a series of webpages over the holiday weekend, making the social networking site the latest venue for an attack known as clickjacking. The exploit works by presenting people with friend profiles that recommend — or "Like," in Facebook parlance — links …


This topic is closed for new posts.
  1. Anonymous Coward

    Flash, haha

    Funny how if you have Flash loaded you will have the issue. I like that the Apple products don't run that junk on the mobile devices, it's one less thing adding to this issue.

    1. dogged

      Apple, haha

      Oh look, Safari is also vulnerable to clickjacking, and a whole lot more besides.

    2. Lance 3

      Guess again

      Clickjacking doesn't require Flash at all. In fact, it took Apple over 9-months to patch Safari. Not only that, they copied what Microsoft did. So rather than running that "junk" called Flash, they run that Junk called Safari!

      1. Mike Flugennock

        blew off Safari quickly

        I tried Safari for a bit, just out of curiosity, when I first got OSX. What frickin' dog food. Aside from not having the extendibility and control that Firefox has, it didn't even have a way of importing bookmarks that I could see. The bookmark-importing issue was the deal-breaker for me.

    3. adnim

      ...He'll Save Every One Of Us

      I wanna be Stevies bitch too.

      How many Apple products do I have to buy to become owned?

      I Agree with you regarding Flash, it is totally blocked in my browser. The thing is though, I have blocked flash by *CHOICE*.

    4. Joseph Haig

      Re. Flash, haha

      ... saviour of the universe?

  2. Anonymous Coward
    IT Angle


    Does this really surprise anybody? FB is nothing more than an iSTD.

    1. Anonymous Coward


      Does this really surprise anybody? The internet is like one big virus hole. May as well just unplug my telly while I'm at it too.

      1. jake Silver badge

        @AC 23:39

        "May as well just unplug my telly while I'm at it too."

        Uh ... your telly doesn't exactly transmit what you are watching, does it?

        (Yeah, yeah, yeah, I know, I'm talking world-readable, not local wireless.)

    2. Elmer Phud


      Well, I must be wearng a condom - and so must thousands of others who don't fall for the cheap and easily spotted tricks that also appear elsewhere on the web.

      I'm not sure if many of those who believe that Facebook is just one huge trap ready for punters to fall in to have ever used it for more than a couple of minutes.

      There seems to be - a la Mac-haters - a sort of knee-jerk reaction similar to those who comment on the Daily Mail site "I've heard it's bad so down with that sort of thing".

      Do we not get emails that we ignore or do we click on everything that comes in through the inbox?

  3. gimbal

    Darwin, Meet Facebook

    I wonder if there will ever be a generation of youngsters who will, finally, grow up to be some non-gullible adults, about all things technical?

    A man can dream, right?

  4. Winkypop Silver badge
    Thumb Up

    FB and ne'er-do-wells

    Made for each other....

  5. adnim


    "Virtually every browser is vulnerable, although many browsers come with safeguards that can make exploitation harder."

    Virtually every browser is vulnerable, although many browsers are used by the clueless which regardless of safeguards makes exploitation trivial.

    FB users and links to banal subject matter... kittens and balls of wool.

    Perhaps my experience helps me realise that links/topics such as the one used for this exploit are drearily commonplace, often predictable and are seldom worth the effort of a click. It can't be common sense that stops me clicking such links, for by definition common sense occurs frequently, is usual and shared amongst humanity. If it was common sense, no one would click such links.

    Is the average FB users life so empty that a link entitled "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE" becomes such an exciting opportunity to seek entertainment that it cannot be ignored?

    1. Anonymous Coward


      It was a good enough head-line to get me to click the story on El Reg......d'oh...Good job I don't use FB (or rather good job FB doesn't use me).

      1. heyrick Silver badge

        @ AC ("D'oh")

        I don't care about FB or stupidly obvious links. I just came here to read the comments!

  6. Anonymous Coward

    we need to have alert about it!

    I think we need to have some websites to alert users about these issues at the same time. I wrote about it in Twitter on Firday but no one listened to me!!! So, we really need to have an alert website. Users can register there and say for example I want to have security alert of,, and Not

    Most of the people do not want to spend their time to read these security articles. we need to have something more useful for normal user!

    1. lglethal Silver badge
      Thumb Down


      Or people could just use some frigging common sense and not click on every little thing that their "friends" send them...

    2. N2

      Or do we have to spell it out?

      So along with the large dollop of common sense as prescribed above...

      Just dont use crappy stuff like Facebook, Twatter, Yahoo mail, Hotmail & such other well known security cullinders such as Microfuck Messenger.

      All of which are for kids to infect their parents computers so I can charge a fortune to clear it up - cheers easy!

      1. Anonymous Coward


        Makes you wonder who is worst, the pervveyor of these nasties, or the robbing highwayman who takes advantage of such situations. Good luck while your work lasts as linux and Mac OSX start to gain ground against bug ridden windoze.

    3. Mike Flugennock
      Thumb Up

      We already have an "alert Web site"...

      ...and it's called The Register.

      Seriously, every major threat to privacy on the Internet I read about on El Reg, often before anybody else had it.

  7. Anonymous Coward

    Own Code

    I have to wonder why on earth FB decide that its a good idea to let people have their own code on these pages. Otherwise how do they load up the iframes?

  8. Anonymous Coward
    Anonymous Coward

    So what is the end result of this?

    It's send stuff to your friends? What does it send? How do you stop it? Article is all a bit vague.

  9. Mike Flugennock

    Facebook; no duhh.

    Luckily for me, I deleted my Facebook account -- barebones and info-free as it was -- the other night after deciding that, on top of all the datamining and privacy issues, there wasn't anything I could do on Facebook that I couldn't do with email and a carefully assembled CC: list.

    Oh, yeah, and I almost forgot... Flash bites.

  10. Anonymous Coward

    Take that!

    I deleted my facebook, my dog and all my family! In fact I don't even connect to the internet anymore, just in case I get scammed, spammed and whammed! I have become so paranoid and so righteous that this comment is appearing direct from the power of my brain!

    Lighten up you lot! FB is a crock we all know that, but then crossing the road is fraught. In fact more likely you will die slipping over in your bathroom than being run over, but you don't stop going to the kharzi!

  11. Tom 13

    So, any takers for how long it takes Zuckerman to figure out that

    opening his social networking to world + dog scanning was an invitation to this sort of problem?

  12. Anonymous Coward


    "Twitter was attacked by a series of clickjacking exploits last year that forced users to publish tweets against their will."

    Bullshit. the computer didn't hold a gun to their heads and for them to tweet. I'm sure they were just too stupid to not tweet garbage.

This topic is closed for new posts.