Facebook administrators have blocked a clickjacking exploit that displayed
images of a scantily clad woman on profile pages without first prompting the
user for permission.
The attack began when a victim encountered the image of the near-naked woman
on a friend’s profile page along with the words "Want 2 C something hot? Click
da button, baby!" Facebookers who took the bait — and were logged in to their
accounts at the time — found their profile pages were updated to include the
same image. The more people who fell for the come-on, the more the come-on was
presented to new potential victims, giving the attack a viral quality.