Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today
Press Release

Zscaler ThreatLabZ Releases Free Tool to Combat Facebook Security Issues

Sunnyvale, California, September, 26, 2011

Download & Get Protected Today:

Zscaler, The Cloud Security Company, today announced the release of a free security tool that consumers can download from the web to protect themselves against malicious threats, scams and spam propagated on Facebook through a technique called “Likejacking.” The latest free consumer security tool developed by Zscaler ThreatLabZ – the company’s research arm – Zscaler Likejacking Prevention is available today as a plug-in for Firefox, Chrome and Safari browsers.

Zscaler ThreatLabZ has seen the number of Likejacking attacks grow to become the most common social engineering threat encountered on Facebook today, with unsuspecting users and their friends falling victim daily. Likejacking is a form of Clickjacking, which causes people to be surreptitiously tricked into clicking one or more hidden links on a web page. With Likejacking, attackers exploit the Facebook “Like” button and other widgets – including the latest announced “Listened,” “Watched” and “Read” gestures, game “Challenge” button, and even the “Dislike” button if implemented – by getting people to click them. The “Like” buttons are often hidden transparently behind a “Play” or other button, causing you to click without knowing that you just unintentionally “Liked” something; this causes the content to appear in your friends’ News Feeds with a link back to the “Liked” website. The result, as you can imagine, is that it can spread virally very quickly from network to network, enabling the attacker to spread malicious links, propagate spam and conduct other types of social engineering attacks.

“Our findings are consistent with other security researchers, who estimate that approximately 15 percent of Facebook videos alone are, in fact, Likejacking attacks,” said Julien Sobrier, senior researcher, Zscaler ThreatLabZ, and developer of the new Zscaler Likejacking Prevention tool. “In 2010, for example, hundreds of thousands of Facebook users fell victim to a single scheme alone.”

Sobrier continued: “Attackers are constantly developing and engineering new tactics and, unfortunately, traditional security products often lack the kind of protection users need to defend themselves. As Web 2.0 sites increase their use of social plug-ins such as the Facebook ‘Like’ button, attackers are shifting to malicious clickjacking techniques, which are not being detected by browsers. Proactive tools like the new Zscaler Likejacking Prevention tool will provide simple yet effective protection against Likejacking and any type of clickjacking impacting Facebook widgets.”

According to Michael Sutton, VP of Security Research, “Communication mediums on the Internet have shifted and attackers have quickly adapted. Whereas spam email was once the communication medium of choice for attackers, they now leverage social networks to communicate with victims. Overall, Facebook is a more effective social engineering tool because, when exploited, the communication is coming directly from a trusted source. Unfortunately, browsers remain vulnerable to web-based attacks such as Likejacking, and mobile browsers and traditional security solutions have failed to address this threat.”

Zscaler Likejacking Prevention is freely available to everyone today and can be downloaded from

And, for more information on Likejacking, please visit the Zscaler ThreatLabZ blog or fast-track to relevant posts by clicking these links:

  • 'LikeJacking' - What is it?
  • Facebook Likejacking, phishing and spam
  • A bookmarklet to uncover Facebook Likejacking
  • The "Dad walks in on Daughter.. EMBARRASSING!" Facebook scams
  • Halloween Likejacking Campaign

About Zscaler ThreatLabZ™

Zscaler ThreatLabZ is the global security research team for Zscaler. Leveraging an aggregate view of billions of daily web transaction, from millions of users across the globe, Zscaler ThreatLabZ identifies new and emerging threats as they occur, and deploys protections across the Zscaler Security Cloud in real time to protect customers against advanced threats.

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange™ is the world’s largest in-line cloud security platform.

Media Contacts

Natalia Wodecki, Sr. Director, Global Integrated Communications & PR, [email protected]