Today a clever Clickjacking campaign is flooding Facebook users. The lure is “Find Who Will be Your Valentine in 2014”.

The link is a “tinyurl”:
http://tinyurl.com/nr3ufuk
-> http://valentinefinder.blogspot.dk/?128
-> http://funresults.com/?b

So you end up at this Facebook page (see picture above), where you are asked to approve the app, which in turn will get access to your FB account. However, clicking “Annuller” (equal to “Cancel” in English) will in fact act as an OK, due to clever use of overlapping elements, also known as clickjacking.
Finally you end up with an app called “Microsoft”, which will spam your friends and groups to get them to spread this, and as such has a viral effect. Even worse, there is a lot of data leakage, and we are investigating potential exploit code. Not an ordinary Sunday here at our lab.
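To make the overlapping-element trick concrete from a detection point of view, here is an added example (not code from the campaign or from this post) that models hit-testing and flags any visible control whose click lands on a different element. The layer list, element ids, coordinates and opacity threshold are constructed assumptions, and the model only covers rectangle geometry, stacking order, opacity and pointer events, not a full browser layout.

```javascript
// Added example: simplified hit-testing model for spotting a clickjacking overlay.
// Constructed sample layout: a visible "Annuller" (cancel) button with a fully
// transparent approve button stacked on top of it, plus an untouched control.
const layers = [
  { id: "decoy-cancel", label: "Annuller", x: 100, y: 200, w: 80, h: 30, z: 5,  opacity: 1, pointerEvents: true },
  { id: "approve-ok",   label: "OK",       x: 100, y: 200, w: 80, h: 30, z: 10, opacity: 0, pointerEvents: true },
  { id: "help-link",    label: "Help",     x: 300, y: 200, w: 80, h: 30, z: 5,  opacity: 1, pointerEvents: true },
];

const contains = (l, x, y) =>
  x >= l.x && x < l.x + l.w && y >= l.y && y < l.y + l.h;

// Highest z wins; on a tie the later layer wins, like document order.
const topmost = (cands) =>
  cands.reduce((best, l) => (!best || l.z >= best.z ? l : best), null);

// What actually receives the click: topmost layer that accepts pointer events.
function clickTarget(all, x, y) {
  return topmost(all.filter((l) => contains(l, x, y) && l.pointerEvents));
}

// What the user sees: topmost layer that is not (nearly) transparent.
function visibleElement(all, x, y, minOpacity = 0.1) {
  return topmost(all.filter((l) => contains(l, x, y) && l.opacity >= minOpacity));
}

// Probe the centre of every visible control and report "seen != clicked".
function findClickMismatches(all, minOpacity = 0.1) {
  const findings = [];
  for (const l of all) {
    if (l.opacity < minOpacity) continue; // invisible layers are not user-facing controls
    const cx = l.x + l.w / 2;
    const cy = l.y + l.h / 2;
    const seen = visibleElement(all, cx, cy, minOpacity);
    const hit = clickTarget(all, cx, cy);
    if (seen && hit && seen.id !== hit.id) {
      findings.push({ seen: seen.id, receivesClick: hit.id });
    }
  }
  return findings;
}

console.log(findClickMismatches(layers));
```

The same comparison also catches the variant where the visible decoy sits on top with pointer events disabled, because the click target is then the element underneath.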
