Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

“Look what happens” when you try and watch videos of girls in bikinis on Facebook

The text is in Spanish, but it’s quite clear what’s on offer: Some sort of video about girls in bikinis.

“Mira lo que ocurre” translates to “Look what happens”. Clicking on the video link leads to a page with a “video player” surrounded by various forms of Web advertising. The full title of the video is now revealed “VIDEO: CHICAS EN LA PLAYA TOMANDO SOL. VEAN LO QUE OCURRE “ (“Girl on beach sunbathing. See what happens”). The same page has been posted to multiple links on the destination site – each ending with a different number (“a33010” in the example below). This technique is designed to make blocking harder for URL filtering systems that specify the specific links.

Clicking on the play button may or may not play the video but ensures the spread of the page by posting a similar like on the clickers Facebook page. A mouse-over script ensures that the play button functions as a Facebook Like button resulting in the Likejacking. If a user had logged out of Facebook before clicking on play then they would have been asked to login to Facebook.

The purpose of this likejacking attack appears to be drawing people to the many advertising links on the destination pages to generate revenue for the page owners.

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...