First off, would you ever visit this domain:
likey.net ?
Never heard of it? Neither had I, until recently. Read on...
Would you need more evidence before visiting such a weird domain? If so, check these...
Google Safe Browsing Diagnostic:
Part of this site was listed for suspicious activity 23 time(s) over the past 90 days.
Of the 1104 pages we tested on the site over the past 90 days, 15 page(s) resulted in malicious software being downloaded and installed without user consent.
Malicious software includes 37 exploit(s), 1 worm(s). Successful infection resulted in an average of 1 new process(es) on the target machine.
Malicious software is hosted on 32 domain(s).
6 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site.
My Web Of Trust:
Adult content Quite a bit of hateful and sexual content that you can't avoid
Entertaining lusting
Phishing or other scams posts malicious link redirects on facebook.
Phishing or other scams Scam.
Phishing or other scams They post of Facebook updates of what appears to be your friends
Phishing or other scams THEY STEAL YOUR IDENTITY! BE AWARE!
Based on this evidence, there's no way in Helga that I'd visit this site!
But guess what? A lot of my Facebook 'friends' share a common interest with this site ... and it may include you!
Do you like "
I live for Christ. He is my way, my ligh.." ? Of course, who wouldn't '
Like' this, right? Well, that's
exactly what the scammers are hoping too! And your kids are more susceptible at "Liking" Facebook links than you (maybe not this particular one, but many, many others linked to worse domains than likey.net).
Now, what does "I live for Christ" have to do with likey.net? If you hover the original link for "I live for Christ", you'll see that it's from likey.net (or one of their many DNS aliases). Basically, if you "Like" these links on Facebook, you are effectively promoting the site by adding it to your "Likes and Interests" section on your profile. The more links the domain receives, the higher search rankings they receive from Google, Yahoo!, etc. The better their search rankings, the more likelihood they are to appear on the first page of search results -- improving their chances that some other unsuspecting users will click their links too! It's a vicious cycle.
Here's where the real problems can arise: If you or your friends visit the domain, and the domain links-in Facebook API scripts, then they can potentially gain access to your profile and your friend's public information. Even worse, if you allow them -- usually through means of social hacking (eg, 'Click this button to see more!') -- then these domains can even auto-post to your Facebook wall; and some malicious scripts have been known to steal credentials (well, not really steal, but rather, they phish you into entering and submitting your credentials to their domain, not Facebook).
Malware Domain List has an entire collection of these Facebook phishing domains, and there's more!
So, how can you check if you're impacted? How can you remove this crap? Unfortunately, it's not straight-forward, but here's my step-by-step approach:
- Visit Facebook and login. If you already have, then nevermind.
- Click your "Profile" link in the blue header area in the top-right of this page.
- Click on your "Info" tab, if visible (top-middle of the page)
- In your "Likes and Interests" section (if visible), click the "Edit" link on the right side.
- (Almost there). See all these blue rectangles? Click each one, and review the info on the right side.
- If you see a gray domain name listed under the link, then it's an external domain reference. My advice: Remove it.
If you still need help, hover the main link on the right side, and examine your status bar.
If your browser's status bar does not indicate facebook.com, then Remove it.
- Repeat steps 5 and 6 for ALL BLUE RECTANGLES.
Also, if you see a "Show More" link in the section, you'll need to click it and examine all those 'Likes' too (sad, but true).
- When finished, click the "Show Other Pages" link at the bottom (yep, there's more).
In the "Other Pages You Like" pop-up list, hover each link and examine your browser's status bar.
Again, if the domain for the link is not facebook.com, then my advice is to Remove the "Like"
-
!!IMPORTANT!! When finished editing your Likes, press the [Save Changes] button at the bottom of the page.
Note: If you forget this step, your changes will not be saved, and you'll need to repeat all steps above!
Unfortunately, I've noticed that Facebook has some issues removing certain links that contain control characters, and the like (pun intended). Scammers were probably hoping for this, which is why they included hearts, smileys, skulls, etc. in their links to prevent removal. Therefore, you should repeat these steps frequently and often until only facebook.com "Likes" appear in your Facebook profile list. No sense in feeding these links to your 'friends', right?
Finally, if you have young kids, please review their "Likes" too ... and
SPREAD THE WORD!
This ends my educational rant for now. Have fun, but be safe out there.
Cheers!