Facebook users hit by another ‘clickjacking’ scam

June 15

The Telegraph reports that hackers are exploiting a vulnerability to update Facebook statuses without the permission of the profile owner, security experts warn.

Facebook users have been warned to look out for a new scam which hijacks their status updates and sends spam messages to all of their friends on the social-networking website.

To date, hundreds of thousands of users have fallen victim to the “clickjacking” or “likejacking” scam. Users are tricked into clicking a link in their News Feed labelled “101 hottest women in the world”.

The link takes the user through to a webpage showing a picture of Hollywood actress Jessica Alba, and, whenever they click their mouse on that page, an update will automatically be posted to their Facebook profile telling their friends that they “like” that story, and thereby encouraging other people to click on the link.

It has been reported that “clickjackers” are creating these worms in order to make money. The site at the centre of the most recent scam is part of the CPALead advertising network, he said, and every hijacked click helps to generate revenue for the people behind the scam.

“Facebook really needs to grab this problem by the horns, as it is increasingly being struck by clickjacking worms,” said a security expert. “The social network should tighten up the way it handles the ‘liking’ of external web pages before it is more widely abused by malicious hackers and spammers.”

He advised Facebook users who feared they may have fallen victim to the scam to check their News Feed for suspicious recent activity, and to delete any entries that contained a link through to the “101 hottest women in the world” website. “You may also be wise to warn your friends if they might have followed your lead and also clicked on the page,” he said.

Access the original article online at: http://www.telegraph.co.uk/technology/facebook/7827530/Facebook-users-hit-by-clickjacking-scam.html
