Are Your Customers Liking Spammers?

Zscaler has come out with its 2Q State of the Web report. It included tidbits including China's surge in rankings, from #5 in the first quarter to #2 in the second quarter, when looking at countries hosting malware sites, the increase in traffic at Wikileaks, and Twitter follower scams.

The finding that jumped out most at me, however, was this:

Use of Facebook's 'Like' buttons is also gaining popularity among attackers who are using the feature within the app and on other sites to promote malicious websites.

The 'Like' button might be one of the best marketing tools created since the advent of the television commercial. I'd say that on an average day, over half of the updates scrolling through on my status feed tell me about products and brands that my friends like, many I never would have known about otherwise. And not only do I learn about a new product, but multiple friends are endorsing it! 

Except, according to Zscaler, pressing that 'Like' button to praise your favorite laundry detergent or movie may actually be infecting the fan's computer. Calling it Likejacking, the report stated:

This Likejacking incident hides an invisible button on the page, leveraging a technique known as clickjacking, so that if the visitor clicks anywhere on the page, the user is unknowingly telling Facebook that they 'like' the page.  This and other 'Likejacking' incidents that we've seen are designed to direct traffic to CPALead or other advertising networks in order to generate revenue for the perpertraors behind the incident.

By the way, one of the most popular things to 'like' lately is the Facebook dislike button, which is -- not surprisingly -- a scam.