Our best worst friend Facebook is full of resources. Not only for attackers but also spammers. The “I like” button became very popular on many personal (blogs) and professional websites.
Basically, the purpose is simple and efficient: If you are logged on Facebook and visit a website which proposes an “I Like” button, by clicking on it, a link will be automatically added on your Facebook wall. This is a nice tool for webmasters which can promote their content to a huge audience without many efforts.
But, it seems that some malicious webmasters are hiding this Facebook feature behind other buttons like video players or any other object thanks to some CSS code. Example:
<fb:like href="http://www.my-very-nice-site.com/ads"
width="20"
action="like"
layout="button_count"
id="liframe1"
style="opacity:0;filter:alpha(opacity=0);">
</fb:like>
By playing with the proprietary “opacity“, it is possible to render an invisible button. It seems that web developers already reported this issue. But, from a privacy point of view, this “feature” could have huge impacts for the Facebook users. Let’s imagine that you visit an adult website and watch some hot videos. If the same technique is implemented, they will be linked on your wall. This could also be a nice social-engineering technique. If you can display information on someone’s wall, they are chances that the link will be also visited by his/her friends. Take care!
How to
Related source:
Yet another reason not to have a facebook account. Remember: you are their product, not their customer.