Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Facebook "Like Pages"

Published: 2010-09-16
Last Updated: 2010-09-16 16:55:24 UTC
by Johannes Ullrich (Version: 2)
10 comment(s)

I am seeing a trend on Facebook recently, and I am not sure what to make of it. As we all know just too well, Facebook has a "Like" feature. This feature, a little button associated with a post, allows you to show agreement with a post. Lately however, I am seeing more and more posts like the following:

I covered up the parts identifying the friend of mine who posted this. A few things make these posts look "suspect": The post itself links to a domain "x.co". This is not the only domain used for these posts and it isn't obvious if they are all related (but many are). Another domain associated with x.co is for example thelikepage.com.

Once you click on it, you are offered a large number of other "provocative quotes" and offered to "like" them. At this point, I am mostly asking "what is the point"? Is it just an attempt to direct Facebook users to ad-covered pages? Or is there something more sinister at play? I don't see any exploits like click-jacking or cross-site-request-forging used. These pages also do not phish your credentials like some other similar pages.If you got an opinion or any further inside, please let us know.

Update: Just a quick summary of some of the feedback we got so far. Too much to mention every single one (Thanks BTW!)

Nobody has seen anything malicious from these URLs yet, so it appears to be just "Spam", maybe search engine optimization techniques to get these pages linked and ranked higher. A couple readers noted that unlike a regular "like", it is not so easy to remove these notes from your profile. You need to go to your "wall" page and remove them. You can not remove them like normal "Likes" from your "Newsfeed".

 

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

10 comment(s)
Diary Archives