Newest Hack circulating in Facebook.

[Bluedot]

I guess nobody experienced this before. I googled for it only to find a couple of forums talking about it vaguely. I guess I'm the first one to raise this topic, so here goes.

One of my friends suddenly popped up in the chat box saying he has just photoshopped me, offering me a link to my "modified" image. The link turned out to be leading to a FB app. I have a test profile in Facebook other than my real one. I copied the link and went to it after logging in the test profile. I clicked on "Allow" and next moment, the chat box of my test profile opened and the same link was sent to all people online.

==Screenshot Attached===

[Alboguy]

This is not new. In FB there are lot of apps like this one that automaticlly spams your friends through chat even if you're online.

[INDRANIL]

Hmm cool one .

[Raymond]

I guess the hack only works if the user clicks the Allow button.
I don't think your login information is being stolen after clicking the Allow button though... It's an app that makes you send links to your contacts.
Well I might be wrong.

[Ceyfer √]

Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both.

By simply ignoring any shared links, you have already defeated its purpose. Apart from the other crazy stuff, it's one of the most annoying thing I've ever seen in fb. Don't allow trigger-happy habit fools you!

---
http://community.websense.com/blogs/securitylabs/archive/2011/03/28/Italian-Model-Wardrobe-Malfunction-on-Live-TV.aspx