Facebook "Like Pages"
I am seeing a trend on Facebook recently, and I am not sure what to make of it. As we all know just too well, Facebook has a "Like" feature. This feature, a little button associated with a post, allows you to show agreement with a post. Lately however, I am seeing more and more posts like the following:
I covered up the parts identifying the friend of mine who posted this. A few things make these posts look "suspect": The post itself links to a domain "x.co". This is not the only domain used for these posts and it isn't obvious if they are all related (but many are). Another domain associated with x.co is for example thelikepage.com.
Once you click on it, you are offered a large number of other "provocative quotes" and offered to "like" them. At this point, I am mostly asking "what is the point"? Is it just an attempt to direct Facebook users to ad-covered pages? Or is there something more sinister at play? I don't see any exploits like click-jacking or cross-site-request-forging used. These pages also do not phish your credentials like some other similar pages.If you got an opinion or any further inside, please let us know.
Update: Just a quick summary of some of the feedback we got so far. Too much to mention every single one (Thanks BTW!)
Nobody has seen anything malicious from these URLs yet, so it appears to be just "Spam", maybe search engine optimization techniques to get these pages linked and ranked higher. A couple readers noted that unlike a regular "like", it is not so easy to remove these notes from your profile. You need to go to your "wall" page and remove them. You can not remove them like normal "Likes" from your "Newsfeed".
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
I'm also wondering what's up with all of this and what could they be looking for. The other thing about facebook that doesn't generate too much trust is the permission that people give to the different applications, when people say that their account has been hacked because a lot of spam is being posted I strongly believe that in fact their account hasn't been hacked but that they've permitted an application to post to their profile and it's doing so...
lmurillo
Sep 16th 2010
1 decade ago
ASB
Sep 16th 2010
1 decade ago
Some of the things it could be?
The words in the "provocative phrases" could be calculated to produce an emergent behavior, re: page rank, once spammed across a billion facebook pages
Could be the worlds most brilliant steganography implementation
Could be the setup for a bait-and-switch
...but I'd wager it's Yet Another ICanHazCheezBurger Clone; hands-free content generation for the purpose of click-thrus of that lfstmedia.com banner at the bottom.
Steven
Sep 16th 2010
1 decade ago
I agree with ASB that it wouldn't be that hard to create a similar site to host malware or other crap from in the future, once people accept it as annoying, but safe.
elfranko
Sep 16th 2010
1 decade ago
Write-up from their dev page (http://developers.facebook.com/docs/reference/plugins/like):
"If you include Open Graph tags on your Web page, your page becomes equivalent to a Facebook page. This means when a user clicks a Like button on your page, a connection is made between your page and the user. Your page will appear in the "Likes and Interests" section of the user's profile, and you have the ability to publish updates to the user."
David
Sep 16th 2010
1 decade ago
Daniel
Sep 16th 2010
1 decade ago
This fingerprinting can then be used for password guessing but most likely slated at "targeted advertising"...
John
Sep 16th 2010
1 decade ago
How quickly would you click the "Like" button below: "[your close friend's name] likes TO SEE HER EX SPILL HIS BEER (like)".
At first you think you are "liking" a status update. Even if you realize it is a phrase, you might still "Like" that phrase.
Pretty soon that "Like" button will end up being the malicious link we are trained to not click on.
Pretty soon "Like" buttons will be all over the net. We will be like lemmings, clicking on "Like" because everyone else clicks on "Like", no matter what site we are looking at.
You think THIS is bad... wait until FB installs a true "DISLIKE" button. The internet will break all mouse-click records, just moments later :(
roseman
Sep 16th 2010
1 decade ago
- http://www.avg.com/us-en/press-releases-news.tpl-mcr7.ndi-232491
Sep 15, 2010 - "... AVG Threat Labs analyzed the safety of 50 global social networks, finding that:
• Looking at 50 top social networks worldwide, there are 19,491 compromised web pages
• Of these 11,701 are on Facebook - the world’s largest social network
• YouTube had 7,163 compromised web pages ..."
.
PC.Tech
Sep 17th 2010
1 decade ago
cioes.org bill murphy
Sep 21st 2010
1 decade ago