Transparent Under The Cursor: A Facebook Liked A Link Evil Trick
This is a blog post for people who find they have "liked a link" without knowing it, or without actually liking the link.
Last night (March 18) I saw my friend like a link, "Mind blowing Tsunami footage" or something like that. I clicked the link and ended up closing the tab because it looked spammy.
This morning I saw on my wall that I had "liked a link", which is that same page. So I investigated the trick that tricked me.
What's the trick?
- Invisible
- Follows the mouse
The page loads the Facebook Like button in an iframe, makes it (almost) fully transparent, and moves it on every mouse movement so the button stays directly under the cursor. Any click, anywhere on the page, therefore lands on the Like button. To make you click, the page offers bait (like the play button of an intriguing video).
How to prevent this?
If the cursor is a pointer (pointing hand) where nothing clickable should be, or flickers between arrow and pointing hand as you move the mouse, it might be this Facebook "liked a link" trick. Of course, nobody can be expected to watch the cursor consciously all the time.
For myself, and as usual now shared with the world, I made a new user script that works on Firefox (with the Greasemonkey add-on) and Google Chrome.
If I see new "liked a link" tricks and have enough time, I will add new functions to fight the new tricks (updates are not automatic).
Here's a screenshot of the revealed like button under the cursor (the cursor is photoshopped in because it is not included in my screenshot; the screenshot is intentionally grayscaled):
You may want to read about my facebook time limiter user script too:
Technical Procedure I've Done
Warning: the following content is for developers only.
(Not a nerd? Go to top :) )
It was hard; it took me about an hour even with the help of Firebug. I couldn't find the like button anywhere. I expected it to be invisible, but I also expected it to be easy to find in Firebug's HTML tab. Yet in Firebug's Net tab, Facebook's like.php was being loaded.
This website uses an iframe inside another iframe (let's call them parent-iframe and child-iframe). According to the Net tab, like.php is loaded right after the child-iframe loads. But when I inspected the child-iframe with Firebug, I couldn't find the like button.
I almost gave up. But I realized I could narrow the search further by opening the URL of the child-iframe directly. Then I realized that the child-iframe, which contains the like button, redirects to another page, making the like button unsearchable with Firebug.
What it probably does is assume the click has already happened and then redirect, leaving the user clueless and thinking the redirect was caused by his click.
The Facebook Like button lives inside a frame (iframe). The browser's same-origin policy prevents a page on another domain from reading or writing the contents of that frame, so the embedding site cannot touch the button itself. The frame element, however, is still "stylable" by the embedding page: it can be made transparent, positioned, and moved. In this case they styled a div wrapper around the iframe instead of the iframe itself, so a check that only looks at the iframe's own opacity would see nothing wrong.
I also suspect there is an invisible pay-per-click advertisement somewhere on the page.
This made me think of writing a new script that detects transparent iframes. With small edits, the user script turned into a transparent iframe detector.
I will run this script on my Firefox for a while. If I see at least one website abusing this, I will upload the user script immediately.
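As an added example of the detector described above and of the trick itself (invisible frame that follows the mouse), here is detection logic in JavaScript. This is not the author's user script, which the post does not include. It computes the opacity actually painted by multiplying the frame's opacity with that of every ancestor (so the styled-wrapper case is caught), treats a nearly transparent but still clickable frame as suspicious, and confirms the trap by checking whether the frame's position moves in lockstep with the cursor across mousemove events. The inspection functions take getStyle/setStyle callbacks and walk parentElement, so they run on real DOM nodes (pass getComputedStyle) and on plain constructed objects. The Like URL pattern, the 0.1 opacity threshold and the 4px tolerance are assumptions, not values from the post.

```javascript
// Added example, not the author's user script: find an iframe made transparent
// (directly or through a styled wrapper) that is kept under the cursor, and
// reveal it. Assumptions: the Like URL pattern, the 0.1 opacity threshold and
// the 4px movement tolerance are guesses, not values from the post.

// CSS opacity arrives as a string ("0", "0.01", ""); empty or invalid means 1.
function parseOpacity(value) {
  const n = parseFloat(value);
  return Number.isNaN(n) ? 1 : Math.min(1, Math.max(0, n));
}

// Opacity actually painted: the element's own opacity times every ancestor's.
// This catches the wrapper-div case where the iframe itself says opacity 1.
function effectiveOpacity(el, getStyle) {
  let result = 1;
  for (let node = el; node && result > 0; node = node.parentElement) {
    result *= parseOpacity(getStyle(node).opacity);
  }
  return result;
}

// Only a nearly transparent element that still receives clicks is a trap:
// display:none / visibility:hidden never get clicks, pointer-events:none passes
// them through. A threshold (not === 0) also catches opacity 0.01 variants.
function isInvisibleButClickable(el, getStyle, threshold = 0.1) {
  const own = getStyle(el);
  if (own.visibility === 'hidden' || own.pointerEvents === 'none') return false;
  for (let node = el; node; node = node.parentElement) {
    if (getStyle(node).display === 'none') return false;
  }
  return effectiveOpacity(el, getStyle) <= threshold;
}

// Assumed shape of the Like button URL that showed up as like.php in the Net tab.
const LIKE_SRC = /facebook\.com\/.*like\.php/i;

// True when the frame's box moves in lockstep with the cursor. samples are
// {cursor:{x,y}, box:{left,top}} pairs from successive mousemove events. A
// transparent but static frame (a hidden ad, say) does not match; a frame
// re-positioned on every mousemove does. Requires real cursor movement.
function followsCursor(samples, tolerance = 4) {
  if (samples.length < 3) return false;
  const first = samples[0];
  let moved = false;
  for (const s of samples.slice(1)) {
    const cdx = s.cursor.x - first.cursor.x;
    const cdy = s.cursor.y - first.cursor.y;
    if (cdx !== 0 || cdy !== 0) moved = true;
    if (Math.abs(cdx - (s.box.left - first.box.left)) > tolerance) return false;
    if (Math.abs(cdy - (s.box.top - first.box.top)) > tolerance) return false;
  }
  return moved;
}

// Undo the trick: full opacity on the frame and every transparent ancestor,
// plus an outline, so the user sees what a click would really hit.
function reveal(el, getStyle, setStyle) {
  for (let node = el; node; node = node.parentElement) {
    if (parseOpacity(getStyle(node).opacity) < 1) setStyle(node, 'opacity', '1');
  }
  setStyle(el, 'outline', '3px solid red');
}

// One pass, meant to run on every mousemove. history maps frame -> recent
// samples. An invisible Like frame is revealed at once; any other invisible
// frame only once it has been seen following the cursor. Returns the frames
// revealed on this pass.
function scan(frames, cursor, history, getStyle, setStyle, getBox) {
  const revealed = [];
  for (const frame of frames) {
    if (!isInvisibleButClickable(frame, getStyle)) continue;
    const samples = history.get(frame) || [];
    samples.push({ cursor, box: getBox(frame) });
    if (samples.length > 6) samples.shift();
    history.set(frame, samples);
    if (LIKE_SRC.test(frame.src || '') || followsCursor(samples)) {
      reveal(frame, getStyle, setStyle);
      revealed.push(frame);
    }
  }
  return revealed;
}

// Browser wiring for a Greasemonkey/Chrome user script; skipped when there is
// no document so the functions above can also be loaded outside a browser.
function attach(doc) {
  const getStyle = (el) => doc.defaultView.getComputedStyle(el);
  const setStyle = (el, prop, value) => { el.style[prop] = value; };
  const getBox = (el) => { const r = el.getBoundingClientRect(); return { left: r.left, top: r.top }; };
  const history = new Map();
  doc.addEventListener('mousemove', (ev) => {
    scan(Array.from(doc.querySelectorAll('iframe')), { x: ev.clientX, y: ev.clientY },
      history, getStyle, setStyle, getBox);
  }, true);
}
if (typeof document !== 'undefined') attach(document);
```

Revealing rather than removing the frame is deliberate: the Like button is legitimate content, and a user who now sees it can decide for himself. Once revealed, the frame's effective opacity is 1, so later passes leave it alone.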
Website security application
This vulnerability is not specific to Facebook. Any site whose buttons can be loaded inside a frame can be attacked this way (the general technique is known as clickjacking). A site that does not need to be framed can refuse framing by sending the X-Frame-Options: DENY response header; a Like button cannot, because being embedded in third-party pages is its whole purpose. I may write a new post on the general application of this trick to a typical website.
This post does not endorse using this trick to get tremendous likes on your site, or to earn more on Google AdSense. If you do this trickery... I hate you :)) That's all, hehe.
Labels: facebook, user scripts, website security