“Who wouldn’t want to have more likes on their Facebook page?” This is the motivation of a very trivial code to get more likes, but while other methods usually comprise of adding better content or advertising, this one is a bit easier, and much dirtier. Why not show the like button directly beneath your mouse cursor as you browse a website, make it invisible, and move it as you move your mouse?
The only thing the victim has to do is click; if they are logged in to Facebook, they will automatically like the Facebook page. And of course, it is not only about the number of likes, but each like means the victim will get all the information about this page on their news feed (until they unlike the page), and all friends will also see that you like it – so why not check it out themselves?
This method is possible due to Like Button, a social plugin for Facebook, made by Facebook developers. It is used properly on many legitimate sites, but when combined with CSS hiding and JS moving, the victim has no other chance. If you want to know how to minimize the impact of such tactics, or if you are more into technical details, read on.
Recently we encountered a very suspicious piece of code on some Joomla-powered webpages. The code looks as if garbled and without any special meaning, and starts like this: