Don’t trust every link that’s posted on Facebook — even if it shows a preview.
According to the hacking group Blackhat Academy, Facebook’s URL scanning is susceptible to cloaking attacks. Their research suggests that Facebook’s URL scanner can be manipulated into treating a malicious page as clean, while a user who clicks the same link is directed to a page that contains malware. The technique has been quite popular with SEO practitioners who use black hat methods to promote websites on Google. Cyber criminals have also used it to poison Google search results, creating keyword-rich pages that redirect users to a page containing malware.

To demonstrate how fraudsters could use Facebook to spread malware, Hatter, one of the members of the Blackhat Academy, posted a URL to a JPEG file on a wall. The live demonstration showed how that URL was crawled by Facebook, which added a thumbnail image to the post. When the link was clicked, it redirected to YouTube. The hackers at the academy said, “While most major sites that allow link submission are vulnerable to this method, sites including Websense, Google, and Facebook make the requests easily identifiable.”
Facebook, however, said that they were fully aware of this menace and well-prepared to deal with the situation. A Facebook spokesman is reported to have said, “We’re well aware of the content forgery technique described and have built protections into our systems to account for it.”
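
The following is an added example, not code from the original article, Blackhat Academy or Facebook. It shows one check a link scanner's operator could run against the cloaking described above: compare what the same URL returned to the scanner's own request with what it returned to a second fetch made under a browser-like identity. The profile labels, hosts and sample responses are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Observation:
    """Result of one fetch of a submitted link, after redirects were followed."""
    profile: str       # client identity used for the fetch (hypothetical label)
    status: int
    final_url: str
    content_type: str
    body_sha256: str


def observe(profile, status, final_url, content_type, body):
    """Build an Observation, hashing the body so bodies can be compared cheaply."""
    return Observation(profile, status, final_url, content_type,
                       hashlib.sha256(body).hexdigest())


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def _media_type(header):
    # Drop parameters such as "; charset=utf-8" and normalise case.
    return header.split(";", 1)[0].strip().lower()


def cloaking_signals(scanner, browser):
    """List the ways the scanner's view of a link differs from a browser's."""
    signals = []
    if scanner.status != browser.status:
        signals.append("status")
    if _host(scanner.final_url) != _host(browser.final_url):
        signals.append("final-host")
    if _media_type(scanner.content_type) != _media_type(browser.content_type):
        signals.append("content-type")
    # A body-only difference is weak evidence (dynamic pages change between
    # fetches), so it is reported only when nothing stronger was found.
    if not signals and scanner.body_sha256 != browser.body_sha256:
        signals.append("body-only")
    return signals


# Constructed sample data, not captured traffic.
SCANNER = observe("link-scanner", 200, "http://img.example/cat.jpg",
                  "image/jpeg", b"constructed jpeg bytes")
BROWSER = observe("desktop-browser", 200, "http://video.example/watch",
                  "text/html; charset=utf-8", b"<html>constructed</html>")
```

A link whose preview was built from an image but whose browser fetch ends on a different host with an HTML content type is the mismatch worth holding for review before the preview is published.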

