
Zscaler Likejacking Prevention — Plug-In for Firefox, Google Chrome, Safari and Opera

The Zscaler Likejacking Prevention keeps you safe from Facebook scams that hide widgets such as 'Like' buttons on third-party pages, using a technique known as clickjacking. With Likejacking, attackers exploit the Facebook Like button and other Facebook widgets to spread spam and propagate scams by tricking users into advertising the malicious content via their own Facebook profiles.

Version
1.1.2

The Zscaler Likejacking Prevention extension is available for Google Chrome, Firefox, Safari and Opera; download links are listed at the end of this page.

Likejacking is a form of Clickjacking, a social engineering attack whereby victims are tricked into clicking on one or more hidden links on a page. In the Likejacking variant, the hidden element is a Facebook ‘Like’ button or another Facebook widget.

This extension offers two main features:

  • Information about the page: Does it contain Facebook widgets? Are these widgets hidden?
  • Protection: Require explicit confirmation from the user when clicking on a Facebook widget on a suspicious page

You can see a video of the add-on for all three browsers on our blog.

Page information

On Firefox and Chrome, an icon is displayed in the URL bar when a page contains at least one Facebook widget. If the page is suspicious, meaning hidden widgets were detected, the icon has a red background. You can use http://www.zscaler.com/research/plugins/likejacking/example.htm as an example of a suspicious page for testing purposes.

Figure: Suspicious page found in Firefox

If the page is safe, meaning the widgets are not hidden, the icon background is green. This allows users to have a quick understanding of the safety of the page.

Figure: Safe page found in Chrome

Safari has the same functionality, but uses a toolbar instead of an icon.

Figure: Suspicious page found in Safari

You can get more information on the page by clicking on the icon, or "More options" in Safari:

  • How many widgets were found on the page
  • Whether the page is suspicious or not
  • What protection was applied on the Facebook widgets

Figure: Information, and actions, for a page with Facebook widgets (Chrome)

The popup (Chrome), or toolbar (Safari & Firefox) also lets users perform certain actions on the page. A user can whitelist the current domain (see details below), manage their preferences, or display the hidden Facebook widgets on the page.

Users can also report back to Zscaler any page that was classified improperly by clicking on "Report an error". This will open a new tab in the user’s browser and send them to a form on the zscaler.com website. We will use this information to improve the add-on.

Display hidden widgets

As you can see in the YouTube video, it is possible to expose the hidden widgets. The extension can modify the CSS properties used to hide them on the page (opacity, height, width, z-index, overflow, etc.). You can try this feature on the Zscaler test page - http://www.zscaler.com/research/plugins/likejacking/example.htm.

Figure: Hidden Like buttons exposed in Firefox

Explicit confirmation

You can choose your level of protection in the preferences:

  • Delete all Facebook widgets - Choose this option if you never use ‘like’ buttons on external sites. You can always whitelist a domain to keep the widgets on a particular site.
  • Always ask for explicit confirmation - A popup will warn you that you clicked on an element that is trying to post to your public profile. You can choose to stop the action, or to let the page post to your profile. This is a good option if you rarely click on Like buttons.
  • Ask for explicit confirmation only on suspicious pages with hidden widgets - This is a good balance between security and productivity. It is the recommended setting.

Figure: Explicit confirmation in Safari

You can also whitelist domains so that no protections are implemented on a given site. The popup, or toolbar, can show you what action was taken on a page: confirm, remove, or ignore (no protection applied).
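To make the two mechanisms described on this page concrete (the hidden-widget detection behind the red/green icon, and the confirm/remove/ignore decision driven by the preference level and the whitelist), here is an added example that is not the extension's own code. It models page elements as plain objects with `src`, `style`, `rect` and `parent` fields so it runs outside a browser; in a real content script the same records would be built from `document.querySelectorAll('iframe')`, `getComputedStyle()` and `getBoundingClientRect()`. The Facebook plugin URL pattern, the 0.1 opacity threshold, the 5-pixel size threshold and the preference names `remove`, `always-confirm` and `confirm-if-suspicious` are assumptions chosen for the example.

```javascript
// Added example (not the Zscaler extension's code). Elements are plain
// objects: { src, style, rect: {left, top, width, height}, parent }.

// Assumption: Facebook social plugins are served from facebook.com/plugins/.
const FB_WIDGET_PATTERN = /^https?:\/\/(www\.)?facebook\.com\/plugins\//i;

function isFacebookWidget(el) {
  return typeof el.src === 'string' && FB_WIDGET_PATTERN.test(el.src);
}

// Walk the widget and its ancestors: any node in the chain can hide it.
// Returns the list of reasons (empty means the widget is visible).
// z-index on its own is not a signal; a transparent widget stacked over a
// decoy shows up here through the opacity check on the stacked wrapper.
function hiddenReasons(el) {
  const reasons = new Set();
  for (let node = el, depth = 0; node; node = node.parent, depth++) {
    const s = node.style || {};
    const r = node.rect;
    const isSelf = depth === 0;
    const clips = s.overflow === 'hidden' || s.overflow === 'clip';

    if (s.display === 'none' || s.visibility === 'hidden') reasons.add('display');
    if (s.opacity !== undefined && Number(s.opacity) < 0.1) reasons.add('opacity');
    // A tiny box hides the widget if it is the widget itself, or an
    // ancestor that also clips its overflow.
    if (r && (isSelf || clips) && (r.width < 5 || r.height < 5)) reasons.add('size');
    // Positioned entirely outside the viewport (top-left origin).
    if (r && isSelf && (r.left + r.width <= 0 || r.top + r.height <= 0)) reasons.add('offscreen');
  }
  return [...reasons];
}

// Page-level summary: what the icon colour and the popup counters are based on.
function classifyPage(elements) {
  const widgets = elements.filter(isFacebookWidget);
  const hidden = widgets.filter((w) => hiddenReasons(w).length > 0);
  return { widgetCount: widgets.length, hiddenCount: hidden.length, suspicious: hidden.length > 0 };
}

// Map the preference level and the whitelist to the action the popup
// reports: 'confirm', 'remove' or 'ignore' (no protection applied).
function decideAction(hostname, classification, prefs) {
  if (prefs.whitelist.includes(hostname) || classification.widgetCount === 0) return 'ignore';
  switch (prefs.mode) {
    case 'remove': return 'remove';
    case 'always-confirm': return 'confirm';
    case 'confirm-if-suspicious': return classification.suspicious ? 'confirm' : 'ignore';
    default: throw new Error('unknown mode: ' + prefs.mode);
  }
}

// "Display hidden widgets": undo the hiding properties along the chain.
// Returns how many nodes were changed. Size/offscreen hiding lives in the
// box geometry and is not reset in this simplified model.
function revealWidget(el) {
  let touched = 0;
  for (let node = el; node; node = node.parent) {
    const s = node.style || (node.style = {});
    const before = JSON.stringify(s);
    if (s.display === 'none') s.display = 'block';
    if (s.visibility === 'hidden') s.visibility = 'visible';
    if (s.opacity !== undefined && Number(s.opacity) < 0.1) s.opacity = '1';
    if (s.overflow === 'hidden' || s.overflow === 'clip') s.overflow = 'visible';
    if (JSON.stringify(s) !== before) touched++;
  }
  return touched;
}

// Constructed sample page: one visible Like button, one Like button inside a
// transparent wrapper stacked over a decoy, and an unrelated iframe.
const samplePage = (() => {
  const body = { style: {}, rect: { left: 0, top: 0, width: 1200, height: 2000 } };
  const wrapper = { parent: body, style: { opacity: '0', position: 'absolute', zIndex: '10' },
                    rect: { left: 300, top: 400, width: 90, height: 20 } };
  return [
    { src: 'https://www.facebook.com/plugins/like.php?href=https://example.test/',
      parent: body, style: {}, rect: { left: 40, top: 900, width: 90, height: 20 } },
    { src: 'https://www.facebook.com/plugins/like.php?href=https://example.test/',
      parent: wrapper, style: {}, rect: { left: 300, top: 400, width: 90, height: 20 } },
    { src: 'https://video.example.test/embed/placeholder',
      parent: body, style: {}, rect: { left: 40, top: 100, width: 560, height: 315 } },
  ];
})();

const report = classifyPage(samplePage);
console.log(report, decideAction('example.test', report, { mode: 'confirm-if-suspicious', whitelist: [] }));
```

Running the block reports two widgets, one of them hidden (reason `opacity`, found on the wrapper rather than the iframe itself), and the recommended setting therefore returns `confirm`; whitelisting `example.test` turns that into `ignore`. Checking ancestors, not just the widget element, is the part worth keeping: the iframe's own computed style is usually clean, and the hiding is done one or two levels up.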

Figure: Extension preferences in Chrome

Additional Notes

The extension does not affect the ability to use the main Facebook site; it protects users only on other sites that use Facebook widgets.

Some Facebook widgets are hidden by design. This is normal, and the extension will not list them as suspicious and will not apply any protection on them.

  • Get Zscaler Likejacking Prevention for Google Chrome from the Chrome Web Store.
  • Get Zscaler Likejacking Prevention for Firefox (add-on) from our website.
  • Get Zscaler Likejacking Prevention for Safari from our website.
  • Get Zscaler Likejacking Prevention for Opera from our website.

If you find any problem with this add-on, please let me know at jsobrier@zscaler.com
