Facebook Users Can Be Forced into Liking Arbitrary Pages
Written by Terence Sequeira
Thursday, 01 July 2010 00:00

Security researchers have discovered a vulnerability which can be used to force Facebook users into liking arbitrary pages. The type of attack is known as clickjacking and does not require any form of user confirmation.

The Facebook “Like” button allows users to share content they find interesting on the Web. The feature is meant to allow users with similar interests to easily find and connect to each other on the social networking website. The button can be integrated by webmasters into any page on their website via a special IFrame.

Successful exploitation results in arbitrary content being added to the user's Facebook News Feed.

This type of attack, which is known as clickjacking or user interface (UI) redressing, can allow for the creation of so-called social networking worms – malicious messages that spread virally. The existence of such a vulnerability is worrying because Facebook scams abusing the Like functionality have been particularly active lately.

Ref: http://news.softpedia.com/news/Facebook-Users-Can-Be-Forced-into-Liking-Arbitrary-Pages-147531.shtml