The text is in Spanish, but it’s quite clear what’s on offer: Some sort of video about girls in bikinis.
“Mira lo que ocurre” translates to “Look what happens”. Clicking on the video link leads to a page with a “video player” surrounded by various forms of Web advertising. The full title of the video is now revealed “VIDEO: CHICAS EN LA PLAYA TOMANDO SOL. VEAN LO QUE OCURRE ” (“Girl on beach sunbathing. See what happens”). The same page has been posted to multiple links on the destination site – each ending with a different number (“a33010” in the example below). This technique is designed to make blocking harder for URL filtering systems that specify the specific links.
Clicking on the play button may or may not play the video but ensures the spread of the page by posting a similar like on the clickers Facebook page. A mouse-over script ensures that the play button functions as a Facebook Like button resulting in the Likejacking. If a user had logged out of Facebook before clicking on play then they would have been asked to login to Facebook.
The purpose of this likejacking attack appears to be drawing people to the many advertising links on the destination pages to generate revenue for the page owners.
Leave a reply
