25/Jul/2014 - Last News Update: 02:05

Facebook and state sue alleged clickjacking spammer

Category: Technology

Published: 27th Jan 2012 17:05:11

Facebook is suing a marketing firm, accusing it of "spreading spam through misleading and deceptive tactics".

Adscend Media is alleged to have carried out "clickjacking".

The practice involves placing posts on the social network which include code that causes the links to appear on the users' homepages as a "liked" item without their permission. The links are designed to take users to other sites.

Ascend Media has not commented.

Facebook likened its security efforts to an "arms race" and said that it was committed to pursuing "bad actors".

"Facebook's security professionals have made tremendous strides against this particular form of attack and we are intent on eradicating it completely," said Craig Clark, the firm's lead litigation counsel.

"We will continue to use all tools at our disposal to ensure that scammers do not profit from misusing Facebook's services."

Washington State also filed a related lawsuit. Its lawyers said that they believed that this was the first time any state had gone to court to combat spam on the social network.

"We don't 'like' schemes that illegally trick Facebook users into giving up personal information or paying for unwanted subscription services through spam," said the state's attorney general, Rob McKenna.

Facebook has posted an article about the case in which it explained that it believed the "scam" had worked by exploiting a vulnerability in people's internet browsers that allowed its 'Like' button to be hidden.

"Once the 'Like' button is made invisible, scammers can overlay pictures and other content, to trick the user to click on the invisible 'Like' button," it said.

"First, Facebook users are encouraged to click the 'Like' button on the scammers' Facebook Pages, which then alerts their friends to the existence of the page. Then they are told that they cannot access the content unless they complete an online survey or advertising offer."

It said one case had involved a link promising to show a man who had taken a picture of his face every day over eight years.

Facebook said that the content often had not existed, and users had been directed to third-party sites. It alleged that "the scammers receive money for each misdirected user".

Washington State's attorney general said that Adscend Media had earned as much $1.2m (£766,000) a month from the practice.

Adscend Media did not respond to requests for comment.

Facebook said that less than 4% of the content shared on its site was currently spam.

The internet security firm, Sophos, acknowledged that the network was trying to combat the problem, but suggested further steps should be taken.

"Facebook tried to introduce anti-clickjacking technology to fight the problem, but it was never entirely satisfactory," said the Sophos's senior technology consultant Graham Cluley.

"What would have been good would have been if Facebook had introduced a 'confirmation' dialog every time a user 'likes' a page on a third-party website. That way, the clickjackers would have been able to trick you into clicking like but you would still have had to confirm that you really wanted to share the message with your online friends.

"In the run-up to IPO [initial public offering], we're sure to see Facebook doing more to present itself as company that is fighting security threats like this."

This is the second time this month that Facebook has accused a group of illegal activity on its site. Last week it named several Russia-based suspects who it said were responsible for a malware attack known as the "Koobface worm".

Multiple reports suggest that the network may float its stock within the next four months. Bloomberg says the firm may sell a minority stake for $10bn, valuing the firm at 10 times the price.

Source:
BBC News External Link Show Citation

Latest News

Harvard Citation

BBC News, 2012. Facebook and state sue alleged clickjacking spammer [Online] (Updated 27th Jan 2012)
Available at: http://www.ukwirednews.com/news/221447/Facebook-and-state-sue-alleged-clickjacking-spammer [Accessed 25th Jul 2014]

News In Other Categories