By: ThreatLabz

Halloween Likejacking Campaign

Phishing

I've already described (Facebook) "likejacking" in a past blog post, and we mentioned a likejacking campaign in early October here. The latest one going around has the title:

"OMFG!! The 10 Most WEIRD Facts About HALLOWEEN! [SCARY!]!"


Currently the likejacked URLs are:
hxxp://www.thefberas.info/halloween2010
hxxp://www.weliketolike.net/5things/


The likejacking sites are both served from 174.137.168.4 (Webair).

What's interesting is a comment in the source of the HTML at the top of the likejack pages for both of the sites that advertises:

"If you want to sell your pages contact <removed>@hotmail.co.uk"
(I removed the email address)

Presumably this likejacking campaign is advertising a service that will advertise (likejack) your page for you. Google searches reveal the same email address used in Facebook application development forums ... I think it is time for a thorough code review of this individual's Facebook application, especially in light of the recent Facebook application privacy breaches.
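
A source comment shared across pages is the kind of artifact that lets a defender tie separate likejack pages to one operator. The following is an added example, not code from the original post: it pulls e-mail addresses out of HTML comments near the top of each page and groups the pages that share one. The sample pages, URLs and contact address are constructed placeholders, and the 20-line cutoff is an assumption.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class CommentCollector(HTMLParser):
    """Collects every HTML comment with the line it starts on."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _ = self.getpos()  # position of the comment's opening "<!--"
        self.comments.append((line, data.strip()))

def comment_emails(html, max_line=20):
    """E-mail addresses found in comments within the first max_line lines."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    found = set()
    for line, text in parser.comments:
        if line <= max_line:
            found.update(m.lower() for m in EMAIL_RE.findall(text))
    return found

def cluster_by_contact(pages):
    """Map each contact address to the pages embedding it (2+ pages only)."""
    clusters = defaultdict(list)
    for url, html in pages.items():
        for email in comment_emails(html):
            clusters[email].append(url)
    return {e: sorted(u) for e, u in clusters.items() if len(u) > 1}

# Constructed sample pages, not the campaign's real HTML.
SAMPLE_PAGES = {
    "hxxp://site-a.example/halloween": (
        "<!-- If you want to sell your pages contact seller@example.invalid -->\n"
        "<html><body><h1>10 weird facts</h1></body></html>"),
    "hxxp://site-b.example/5things/": (
        "<!-- If you want to sell your pages contact Seller@Example.invalid -->\n"
        "<html><body><h1>5 things</h1></body></html>"),
    "hxxp://unrelated.example/": (
        "<!-- generated by a site builder -->\n<html><body>hello</body></html>"),
}

if __name__ == "__main__":
    for contact, urls in cluster_by_contact(SAMPLE_PAGES).items():
        print(contact, "->", ", ".join(urls))
```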
