BBC News: Hundreds of thousands of Facebook uses have fallen victim to a new type of attack known as "clickjacking." It works like this: a facebook users sees that one of his friends likes a link for "World Cup 2010 in HD," "Justin Bieber's phone number" or something similar. When the user clicks the link, it gets posted to his profile with a "like" recommendation, potentially tricking more of his friends to click.
"At the moment the attacks which we've seen are more like old-school viruses - written for the heck of it to see how many fans they can get," notes Graham Cluley of security vendor Sophos. "But our feeling is that it would be fairly easy for the bad guys to introduce some revenue generation for themselves."