Clickjacking, in which an attacker slips a malicious link or malware onto a legitimate Web page that appears to contain normal content, is an emerging threat experts have been warning about.
The attack on Facebook was in the form of a comment on a user's account with a photo that lured the victim to click on it.
The embedded link took the victim to a Web page that presented like a CAPTCHA or Turing test, and asked the user to click on a blue "Share" button on the Facebook page. (as shown below)
Once clicked, the victim is redirected to a YouTube video, and then the same post shows up on the victim's account and thus tries to infect his or her friends. Security experts say the attack appeared to be more of a prank or trial balloon, and it affects only Firefox and Chrome browsers, according to security expert Krzysztof Kotowicz, who blogged about the attack this week. Facebook has now blocked the URL to the malicious site, fb.59.to.
netizens left a footprint.