Live Global Events: Secure, Simplify, and Transform Your Business.

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

An Example Of Likejacking (Facebook Clickjacking)

January 10, 2012 - 1 min read
Last year, we released Zscaler Likejacking Prevention, a free browser extension to protect users from clickjacking leveraging Facebook widgets. Since then, I've seen many websites using Likejacking as their "business model" (i.e. this is how they get traffic to their spam site).

Usually, these spam websites try to get the user to click on a specific area of the page where they have hidden one or more 'Like' buttons. Recently, we found a website where the hidden Facebook 'Like' button follows the mouse throughout the page. No matter where you click, you hit the Like button.
Hidden Like widget follows the mouse

The technique to hide the button, has however been seen previously. There are hidden DIV elements with the opacity set to 0.0.1, which makes them transparent, although they are in the foreground. The position is set to absolute so that it can move anywhere on the page.

Here is a video that explains how it works:

You can get the free Zscaler Likejacking Prevention extension for Firefox, Google Chrome, Safari and Opera on our website.
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.