Busty Bartenders Clickjack Facebook Users
Facebook users have unwittingly become fans of "Busty Bartenders" in the latest wave of clickjacking attacks. The eye-catching bartender hack was reported earlier this month by "Noah," a software engineer and blogger.
This site, and similar sites associated with it, have exploited Facebook's "like" function through a trick called clickjacking.
"The site sets up a front page that prompts people to click to continue on to the main portion of the site. That main page is actually composed entirely of a hidden iframe that has the script associated with posting a 'like' status to your Facebook page embedded within it," Noah explained in a post. "Not terribly clever but still clever enough that it caught me."
An iframe is meant to be a temporary placeholder for use during webpage development, but has been exploited to conceal malicious code such as this clickjacking example.
When visitors click on the "Continue here to see photos" link on the webpage, Facebook is notified that those visitors "like" the site, though the Facebook Like button is not visible. The notification then gets published on the users' Facebook pages and shared with their Facebook friends. Voilà: Busty Bartenders goes viral.
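A crawler-side check for the pattern Noah describes, as an added example that is not part of the original article: it flags iframes that an inline style makes invisible while leaving them clickable. The markup, the hostnames and the `findHiddenFrames` helper are constructed for illustration, and only inline `style` attributes are examined, not external stylesheets or scripts.

```javascript
// Added example: heuristic scan for invisible-but-clickable iframes.
// Markup and hostnames are constructed; only inline style attributes are read.

// display:none and visibility:hidden are left out on purpose: such frames
// cannot receive clicks, so they do not fit the pattern described above.
const HIDING_RULES = [
  { reason: "opacity near zero", test: (s) => {
      const m = /(?:^|;)\s*opacity\s*:\s*([0-9.]+)/i.exec(s);
      return m !== null && parseFloat(m[1]) <= 0.1;
  } },
  { reason: "alpha filter near zero", test: (s) => {
      const m = /alpha\s*\(\s*opacity\s*=\s*(\d+)/i.exec(s);
      return m !== null && parseInt(m[1], 10) <= 10;
  } },
];

// Collect attribute name/value pairs from one opening tag.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Return one finding per iframe whose inline style hides it from view.
function findHiddenFrames(html, pageHost) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    const style = attrs.style || "";
    const reasons = HIDING_RULES.filter((r) => r.test(style)).map((r) => r.reason);
    if (reasons.length === 0 || !attrs.src) continue;
    let host = null; // an unparseable src is treated as cross-origin
    try { host = new URL(attrs.src, `https://${pageHost}/`).hostname; } catch { /* keep null */ }
    findings.push({ src: attrs.src, crossOrigin: host !== pageHost, reasons });
  }
  return findings;
}

// Constructed sample page: one transparent full-page frame, two ordinary ones.
const SAMPLE_HTML = `
<a href="#">Continue here to see photos</a>
<iframe src="https://widgets.social.example/like?href=landing.example"
        style="position:absolute; top:0; left:0; width:100%; height:100%; opacity:0"></iframe>
<iframe src="/ads/banner.html" style="width:300px; height:250px; opacity:1"></iframe>
<iframe src="https://video.example/embed/1" style="display:none"></iframe>`;
console.log(findHiddenFrames(SAMPLE_HTML, "landing.example"));
```

A finding with `crossOrigin: true` is the case worth reviewing first, since the invisible frame then belongs to a different site than the page the visitor sees.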
Bustybartenders.com and its many sister sites all point to the same online address. The Scottsdale, Arizona site was registered with a private service, so no information on ownership is available to the public.
While the "Busty Bartender" clickjacking scheme is relatively harmless – users aren't lured into buying something or giving up their personal identification, or infected with malware – it may prove annoying. Further, the clickjacking scheme may have been launched prematurely before malware was put in place, according to Jamz Yaneza, threat researcher for Trend Micro.
Facebook users should avoid clicking on links that may be harmful, and should check their newstreams to delete any such links. But identifying rogue links can be very difficult, according to Yaneza.
"The best and only solution is to use active protection," Yaneza told TechNewsDaily. He advised computer users to look for a security product that offers web reputation blocking. This feature will automatically block users from visiting sites that are known to contain malware or other threats.
UPDATE: The Busty Bartenders site has changed its URL and revealed the Facebook "Like" button; users must now "Like" the site before entering. The preview photo has been removed.





