June 5, 2010 (Pen Men at Work): Social networking site ‘Facebook’ that has become a virtual friend of yours, can turn into a dreaded enemy if you get lured by its malicious links.

Recently, a facebook ‘clickjacking’ worm has attacked thousands of users, who clicked on a link indicating the maliciously created Web page. The users clicking on the ‘like’ button were made victims. It spread malware and unwanted code onto the users.

The facebook worm used the ‘Paramore’ lead singer Hayley Williams as a lure to spread the worm, according to the security experts at Sophos.

During the attack, also known as the “likejacking”, the user is connected to a web site containing a naked photo of Hayley, on clicking the link ‘like’. The users are then taken to a third-party website which shows a message “Click here to continue if you are 18 years of age or above.”

In other cases, it took the users to an almost blank page with a single line of text that read “Click Here to Continue.”

Users clicking on the page got infected with malware. Then facebook published the message using an invisible iFrame to their user’s facebook profile.

In the opinion of the researchers at Sophos, the hackers launched the attack by hiding an invisible button under the mouse, that infects users when they click anywhere on the malicious Web site.

The malware spreads very fast from one user to the other as hardly anyone could control the temptation of seeing the star naked.

Graham Cluley, Sophos, senior technology consultant, suggested that the facebook users delete entries related to the malicious links. The users are also recommended to click on their ‘Info tab’ on the profile in order to get help in removing such malicious links.

The best way to avoid the infection of facebook work is to keep yourself away from such alluring links.