Sunnyvale, California, September 26, 2011
Download & Get Protected Today: https://www.zscaler.com/tools/zscaler-likejacking
Zscaler, The Cloud Security Company, today announced the release of a free security tool that consumers can download from the web to protect themselves against malicious threats, scams and spam propagated on Facebook through a technique called “Likejacking.” The latest free consumer security tool developed by Zscaler ThreatLabZ – the company’s research arm – Zscaler Likejacking Prevention is available today as a plug-in for Firefox, Chrome and Safari browsers.
Zscaler ThreatLabZ has seen the number of Likejacking attacks grow to become the most common social engineering threat encountered on Facebook today, with unsuspecting users and their friends falling victim daily. Likejacking is a form of Clickjacking, which causes people to be surreptitiously tricked into clicking one or more hidden links on a web page. With Likejacking, attackers exploit the Facebook “Like” button and other widgets – including the latest announced “Listened,” “Watched” and “Read” gestures, game “Challenge” button, and even the “Dislike” button if implemented – by getting people to click them. The “Like” buttons are often hidden transparently behind a “Play” or other button, causing you to click without knowing that you just unintentionally “Liked” something; this causes the content to appear in your friends’ News Feeds with a link back to the “Liked” website. The result, as you can imagine, is that it can spread virally very quickly from network to network, enabling the attacker to spread malicious links, propagate spam and conduct other types of social engineering attacks.
“Our findings are consistent with other security researchers, who estimate that approximately 15 percent of Facebook videos alone are, in fact, Likejacking attacks,” said Julien Sobrier, senior researcher, Zscaler ThreatLabZ, and developer of the new Zscaler Likejacking Prevention tool. “In 2010, for example, hundreds of thousands of Facebook users fell victim to a single scheme alone.”
Sobrier continued: “Attackers are constantly developing and engineering new tactics and, unfortunately, traditional security products often lack the kind of protection users need to defend themselves. As Web 2.0 sites increase their use of social plug-ins such as the Facebook ‘Like’ button, attackers are shifting to malicious clickjacking techniques, which are not being detected by browsers. Proactive tools like the new Zscaler Likejacking Prevention tool will provide simple yet effective protection against Likejacking and any type of clickjacking impacting Facebook widgets.”
According to Michael Sutton, VP of Security Research, “Communication mediums on the Internet have shifted and attackers have quickly adapted. Whereas spam email was once the communication medium of choice for attackers, they now leverage social networks to communicate with victims. Overall, Facebook is a more effective social engineering tool because, when exploited, the communication is coming directly from a trusted source. Unfortunately, browsers remain vulnerable to web-based attacks such as Likejacking, and mobile browsers and traditional security solutions have failed to address this threat.”
Zscaler Likejacking Prevention is freely available to everyone today and can be downloaded from https://www.zscaler.com/tools/zscaler-likejacking.
And, for more information on Likejacking, please visit the Zscaler ThreatLabZ blog or fast-track to relevant posts by clicking these links:
Zscaler ThreatLabZ is the global security research team for Zscaler. Leveraging an aggregate view of billions of daily web transaction, from millions of users across the globe, Zscaler ThreatLabZ identifies new and emerging threats as they occur, and deploys protections across the Zscaler Security Cloud in real time to protect customers against advanced threats.
Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access and Zscaler Private Access, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates a massive, global cloud security platform that protects thousands of enterprises and government agencies from cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler.
Zscaler ™, SHIFT™, ZIA™, ZPA™, Direct-to-cloud™ and The internet is the New Corporate Network™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.
Whitney Glockner Black
Director of Communications