Zscaler ThreatLabZ Releases Free Tool to Combat Facebook Security Issues

Sunnyvale, California, September 26, 2011

Download & Get Protected Today: https://www.zscaler.com/tools/zscaler-likejacking

Zscaler, The Cloud Security Company, today announced the release of a free security tool that consumers can download from the web to protect themselves against malicious threats, scams and spam propagated on Facebook through a technique called “Likejacking.” The latest free consumer security tool developed by Zscaler ThreatLabZ – the company’s research arm – Zscaler Likejacking Prevention is available today as a plug-in for Firefox, Chrome and Safari browsers.

Zscaler ThreatLabZ has seen the number of Likejacking attacks grow to become the most common social engineering threat encountered on Facebook today, with unsuspecting users and their friends falling victim daily. Likejacking is a form of Clickjacking, which causes people to be surreptitiously tricked into clicking one or more hidden links on a web page. With Likejacking, attackers exploit the Facebook “Like” button and other widgets – including the latest announced “Listened,” “Watched” and “Read” gestures, game “Challenge” button, and even the “Dislike” button if implemented – by getting people to click them. The “Like” buttons are often hidden transparently behind a “Play” or other button, causing you to click without knowing that you just unintentionally “Liked” something; this causes the content to appear in your friends’ News Feeds with a link back to the “Liked” website. The result, as you can imagine, is that it can spread virally very quickly from network to network, enabling the attacker to spread malicious links, propagate spam and conduct other types of social engineering attacks.
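The hidden-widget overlay described above can be checked for mechanically. The following is an added example, not part of the original release and not the Zscaler plug-in's code: a heuristic that flags Facebook social plug-in frames that are effectively invisible yet still clickable, and notes when one sits over a visible button. The descriptor fields (`opacityChain`, `pointerEvents`, `rect`), the 0.1 opacity floor, all function names and the sample data are assumptions made for illustration.

```javascript
// Added illustration, not the Zscaler plug-in's logic. Frame descriptors are
// plain objects; in a content script they would be filled from
// getComputedStyle() and getBoundingClientRect().
const WIDGET_HOSTS = new Set(["www.facebook.com", "facebook.com"]);

function isFacebookWidget(src) {
  try {
    const u = new URL(src);
    // Social plug-in iframes are served under /plugins/ (e.g. /plugins/like.php).
    return WIDGET_HOSTS.has(u.hostname) && u.pathname.startsWith("/plugins/");
  } catch {
    return false; // relative or malformed src
  }
}

function overlaps(a, b) {
  return a.x < b.x + b.w && b.x < a.x + a.w && a.y < b.y + b.h && b.y < a.y + a.h;
}

// Returns widget frames the user cannot see but can still click.
function findLikejackingSuspects(frames, clickTargets, opacityFloor = 0.1) {
  const suspects = [];
  for (const f of frames) {
    if (!isFacebookWidget(f.src)) continue;
    if (f.pointerEvents === "none") continue; // cannot receive the click
    // Opacity multiplies down the ancestor chain, so a transparent wrapper
    // hides a frame whose own opacity is 1.
    const effective = f.opacityChain.reduce((p, o) => p * o, 1);
    if (effective >= opacityFloor) continue; // visible widget: user can see it
    const reasons = ["transparent"];
    for (const t of clickTargets) {
      if (overlaps(f.rect, t.rect)) reasons.push("covers:" + t.label);
    }
    suspects.push({ src: f.src, reasons });
  }
  return suspects;
}

// Constructed sample page state (hypothetical values).
const SAMPLE_TARGETS = [{ label: "Play", rect: { x: 90, y: 90, w: 120, h: 60 } }];
const SAMPLE_FRAMES = [
  { src: "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2Fvideo",
    opacityChain: [0.01, 1], pointerEvents: "auto", rect: { x: 100, y: 100, w: 80, h: 30 } },
  { src: "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2F",
    opacityChain: [1, 1], pointerEvents: "auto", rect: { x: 400, y: 20, w: 80, h: 30 } },
  { src: "https://cdn.example.test/ad.html",
    opacityChain: [0], pointerEvents: "auto", rect: { x: 0, y: 0, w: 300, h: 250 } },
];
console.log(JSON.stringify(findLikejackingSuspects(SAMPLE_FRAMES, SAMPLE_TARGETS), null, 2));
```

A visible "Like" button and a transparent frame from another origin are both left alone; only the invisible, clickable Facebook widget is reported.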

“Our findings are consistent with other security researchers, who estimate that approximately 15 percent of Facebook videos alone are, in fact, Likejacking attacks,” said Julien Sobrier, senior researcher, Zscaler ThreatLabZ, and developer of the new Zscaler Likejacking Prevention tool. “In 2010, for example, hundreds of thousands of Facebook users fell victim to a single scheme alone.”

Sobrier continued: “Attackers are constantly developing and engineering new tactics and, unfortunately, traditional security products often lack the kind of protection users need to defend themselves. As Web 2.0 sites increase their use of social plug-ins such as the Facebook ‘Like’ button, attackers are shifting to malicious clickjacking techniques, which are not being detected by browsers. Proactive tools like the new Zscaler Likejacking Prevention tool will provide simple yet effective protection against Likejacking and any type of clickjacking impacting Facebook widgets.”

According to Michael Sutton, VP of Security Research, “Communication mediums on the Internet have shifted and attackers have quickly adapted. Whereas spam email was once the communication medium of choice for attackers, they now leverage social networks to communicate with victims. Overall, Facebook is a more effective social engineering tool because, when exploited, the communication is coming directly from a trusted source. Unfortunately, browsers remain vulnerable to web-based attacks such as Likejacking, and mobile browsers and traditional security solutions have failed to address this threat.”

Zscaler Likejacking Prevention is freely available to everyone today and can be downloaded from https://www.zscaler.com/tools/zscaler-likejacking.

And, for more information on Likejacking, please visit the Zscaler ThreatLabZ blog or fast-track to relevant posts by clicking these links:

  • 'LikeJacking' - What is it?
  • Facebook Likejacking, phishing and spam
  • A bookmarklet to uncover Facebook Likejacking
  • The "Dad walks in on Daughter.. EMBARRASSING!" Facebook scams
  • Halloween Likejacking Campaign

About Zscaler ThreatLabZ™

Zscaler ThreatLabZ is the global security research team for Zscaler. Leveraging an aggregate view of billions of daily web transactions, from millions of users across the globe, Zscaler ThreatLabZ identifies new and emerging threats as they occur, and deploys protections across the Zscaler Security Cloud in real time to protect customers against advanced threats.

About Zscaler

Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.

Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.

Media Contacts:

Whitney Black 
Director of Communications