“Smoking Hot Bartenders” – A Spam ClickJacking The Facebook Like Button
Posted: August 26th, 2010 | Author: Akmal

“Smoking Hot Bartenders” is a recent spam spreading like wildfire on Facebook. The site is obviously spam: a user is required to fill in a form (i.e. an offer) in order to access the “Smoking Hot Bartender” pictures.
The spam uses an ingenious technique: even if you decline to fill in the form and close the window, you are still vulnerable.
If you take a look at the site cutebabesbartending.info you will see how this viral scheme is being executed. The first thing you see when you land on the site (most likely from Facebook, where you are already logged in) is a picture of some hot girls and a link to click through. The updated page does not have a link and you cannot scroll down the page (they are probably using JavaScript code to force you to remain scrolled up), so naturally you will click the picture when you can’t do anything else. The key to the scheme on the previous version of the page was in the link.
If you take a look at the source code of the page you will see that they are redrawing the Facebook Like button with 0 opacity so that it follows your mouse on the screen, and when you click anywhere on the page you also click the Like button!

This is an ingenious technique. You may think you already know it’s a spam site and that you will avoid it on the next page, but after clicking through you have liked the page and it’s already sitting in your feed.
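
A defender can look for the pattern described above (a Like-button frame drawn with 0 opacity) in saved page source. The following is an added example, not code from the original post or from the spam site: the function names, the `WIDGET_HOSTS` list, the 0.05 threshold and the sample markup (including its `like.php` widget URL and `example.test` hosts) are assumptions made for illustration.

```javascript
const VOID = new Set(['img', 'br', 'hr', 'input', 'meta', 'link', 'embed', 'source']);
const WIDGET_HOSTS = ['facebook.com']; // assumption: hosts whose widgets act on a click

function attr(attrs, name) {
  const m = new RegExp('(?:^|\\s)' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\')', 'i').exec(attrs);
  return m ? (m[1] !== undefined ? m[1] : m[2]) : null;
}

// Opacity declared on one element: CSS `opacity` or the legacy IE alpha filter.
function ownOpacity(attrs) {
  const style = attr(attrs, 'style') || '';
  const css = /(?:^|;)\s*opacity\s*:\s*([0-9.]+)/i.exec(style);
  if (css) return Math.min(1, parseFloat(css[1]));
  const ie = /alpha\(\s*opacity\s*=\s*(\d+)\s*\)/i.exec(style);
  return ie ? Math.min(1, parseInt(ie[1], 10) / 100) : 1;
}

// Walk the tags, multiplying opacity down the tree: the hidden frame often
// inherits its transparency from a wrapper element rather than declaring it.
function findHiddenWidgetFrames(html, threshold = 0.05) {
  const findings = [];
  const stack = []; // open elements: { tag, opacity (effective) }
  const tagRe = /<(\/?)([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  for (const m of html.matchAll(tagRe)) {
    const tag = m[2].toLowerCase();
    if (m[1]) { // closing tag: pop back to the matching open element
      const i = stack.map(e => e.tag).lastIndexOf(tag);
      if (i !== -1) stack.length = i;
      continue;
    }
    const parent = stack.length ? stack[stack.length - 1].opacity : 1;
    const effective = parent * ownOpacity(m[3]);
    if (tag === 'iframe') {
      const src = attr(m[3], 'src') || '';
      let host = '';
      try { host = new URL(src, 'http://page.invalid/').hostname; } catch (e) { /* bad src */ }
      const widget = WIDGET_HOSTS.some(h => host === h || host.endsWith('.' + h));
      if (widget && effective <= threshold) findings.push({ src, host, effective });
    }
    if (!VOID.has(tag) && !/\/\s*$/.test(m[3])) stack.push({ tag, opacity: effective });
  }
  return findings;
}
// Constructed sample: a visible Like button, a hidden one, an unrelated hidden frame.
const SAMPLE = `
<div><iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.test%2F" style="width:50px"></iframe></div>
<div style="position:absolute; opacity:0; filter:alpha(opacity=0)">
  <iframe src="//www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.test%2F" scrolling="no"></iframe></div>
<iframe src="http://video.example.test/embed" style="opacity:0"></iframe>`;
```

Only the second frame in the sample is reported. The check reads inline styles only, so opacity set from a stylesheet or by script at runtime needs a rendered-DOM check using computed styles instead.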