WARNING: Facebook Clickjacking Attack Spreading Through News Feed

A new clickjacking worm is spreading through Facebook via the “Like” feature. The attack, which is said to have hit hundreds of thousands of users, uses a combination of social engineering and clickjacking to make it appear as if a user has “liked” a link.

The messages that are being used in the link text include, “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE,” “This man takes a picture of himself EVERYDAY for 8 YEARS!!,” “The Prom Dress That Got This Girl Suspended From School” and “This Girl Has An Interesting Way Of Eating A Banana, Check It Out!”

When a user clicks on the text that appears to be “liked” he is taken to a blank page that just has the text, “Click here to continue.” Clicking anywhere on that page will then publish the same message to that users Facebook page.

This vector is extremely similar to the Fbhole worm that spread across Facebook 10 days ago. Because users unwittingly end up recommending the offending page to their social graph, this is the type of worm that can spread extremely quickly.


Security firm Sophos has identified the linked pages as being infected with the Troj/iframe-ET worm. It doesn’t appear as if the worm does anything other than add likes to your feed, but if you’ve been infected, you’ll still want to take action.

Sophos recommends deleting any entries in your news feed related to the links and check your profile and info pages to make sure that no links or pages related to those sites have been added to your profile.


- Posted using BlogPress from my iPhone

Facebook, YouTube, Texting: Rules of the Road for Kids

 Facebook, YouTube, Texting: Rules of the Road for Kids:
,you
Our kids are growing up in public. Here are a few rules of the road that will help our kids make smart decisions...

Pre-Order “Toy Story 3″ Tickets on Facebook

Disney has created a new Facebook app that will let users buy tickets to see Toy Story 3 right on the site, while also inviting their friends along. The application is called Disney Tickets Together and is a brilliant example of social media synergy.



The app, which works in partnership with ticket-buying websites like Fandango.com, lets users pre-order tickets for the show and then invite others to join them. Users can also post what showing they are going to on their Facebook news feed.

This is the type of campaign that is a perfect fit for social media. Not only does the ability to buy tickets without leaving Facebook make impulse ticket buys more likely, but the social aspect makes group planning that much easier.

The nice thing about the Facebook app is that you can view what types of theaters are showing the film in your area (meaning 3D, stadium seating, IMAX 3D, etc.) and you can also invite along non-Facebook friends by entering in their e-mail address.

Tickets aren’t available for pre-order at all theaters but many more will be added next week.

Source: Christina Warren of Mashable

WARNING: Facebook Malware Attack on the Loose!

A Facebook phishing attack is on the loose this weekend — the third widespread attack on the site in the past three weeks. The attack attempts to steal your Facebook login credentials, install malware on your computer, and even get your home address.

The attack is spread via a “hilarious video” posted to Facebook walls, reports WebSense — when clicked, a form appears requesting your Facebook login.

The attack then returns you to Facebook, installs an app called “Media Player HD”, and asks you to download the “FLV player” — doing so installs malware on your machine. It gets worse: Depending on your location, you may also be presented with a contest to win an iPad … if you just enter your home address.

To avoid getting caught, simply remove the “hilarious video” if you find it on your Facebook wall. If you see it elsewhere on Facebook, don’t click it … and of course remember the obvious rule: Don’t enter your Facebook login anywhere other than Facebook.com.

If you already fell for the attack, change your Facebook password, uninstall the Facebook app (often called “Media Player HD”), and run a virus/malware scan on your computer.



- Posted using BlogPress from my iPhone

7-11 Starts Selling “FarmVille” Slurpees!!

7-11 will soon offer FarmVille-branded products that will unlock virtual, 7-11-branded items in the popular Facebook game. Two other games from game-maker Zynga will also get tie-ins with the stores: Mafia Wars and YoVille.

Seven thousand 7-11 stores will offer around 30 branded items, including Slurpees and ice cream, among other things. When a customer buys one of the promotional products, he or she will then be directed to perform some special task in the game world to acquire one of the 7-11 items.

This is the first retail partnership of this kind for Zynga, although this deal grew out of a more limited program in which the company sold FarmVille, Mafia Wars and YoVille (Yoville) game cards at 12,800 participating 7-11 stores. Zynga is no stranger to virtual branding promotions, either; it has been selling brand-sponsored FarmVille crops since last month.

The company has been very busy making deals over the past few weeks, actually; it just signed a five-year agreement with Facebook involving the use of Facebook’s proprietary virtual currency, and it is also launching games on MySpace (MySpace), including the new Bangkok expansion for Mafia Wars.

Kid Racks Up $1400 Debt in FarmVille

Oh dear — looks like it’s time to add FarmVille to the list of internet addiction scares after a 12-year-old UK boy has amassed £905 in FarmVille debt. About £288 of that came from the boy’s own savings, while £625 was billed to his horrified mother’s credit card.

The debt — which is equivalent to about $1400 USD — was racked up in all of about two weeks’ worth of gameplay. In the popular casual Facebook game, players can spend real money to accrue virtual currency and items. It’s a business that’s booming enough to garner the game’s developer Zynga an estimated valuation as high as $5 billion.

Neither Zynga or the mother’s credit card company HSBC responded positively to requests for refunds; the latter indicated only a criminal proceeding could trigger eligibility for getting the funds reinstated. A spokeswoman for HSBC indicated that had the expenditures been on a gambling site the escalating transactions would have raised warning flags, but since the purchases were technically Facebook Credits, they didn’t warrant suspicion.

What do you think: is FarmVille destined to replace World of Warcraft as the favorite scapegoat for cable news gaming addiction scare segments?

[via Games.com]

My Fave Country Life Farms in Facebook