A clickjack attack is a malicious technique used by an attacker to record the infected user’s clicks on the Internet. This can be used to direct traffic to a specific site or to make a user like or accept a Facebook application. More nefarious purposes might be to collect sensitive information saved on a browser, such as passwords, or to install malicious content.
This type of attack is also known as clickjacking or UI redressing.
Normally, a clickjack exploitation is carried out by placing a concealed link over a valid button. However, the exploitation may also include the following:
- Deceiving users into enabling their microphones and webcams via Flash
- Fooling users into making their social media profile details public
- Making infected users unknowingly follow somebody on Twitter
A clickjack attack can be implemented by using IFRAMEs, which are HTML elements that draw content from other locations such as other websites. Clickjack attackers can embed an IFRAME on any website and overlay the invisible IFRAME on top of a legitimate button. When the user clicks the legitimate button, the attacker’s button or link is actually being clicked.
What makes this a very powerful way of attacking is that it is actually done within the bounds of the HTML specification, which means that the website is working as expected. The attackers are just exploiting this feature for malicious attacks. The World Wide Web Consortium (W3C) is trying to define a new standard that will make it possible for websites to disallow outside interference.
Website administrators may not know that something is wrong until complaints come in from users. It is hard to pinpoint that an attack has taken place because everything on the site looks the same and the clickjack element has been thoroughly disguised as harmless.
The NoScript add-on for Mozilla, the Gazelle Web browser, and the Framekiller JavaScript snippet are some measures that can be used to protect against a clickjack attack.
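A framekiller of the kind mentioned above, as an added example that is not code from the original page. The function name `frameKiller` and its `win`/`doc` parameters are assumptions made here so the logic can be run outside a browser; in a page it is called with the real `window` and `document`.

```javascript
// Added example: a defensive framekiller. It hides the page first, then
// reveals it only when the page is the top-level window, so an invisible
// overlay has nothing clickable to sit on top of.
function frameKiller(win, doc) {
  const root = doc.documentElement;

  // Fail closed: nothing is visible or clickable until the check passes.
  root.style.display = 'none';

  // Comparing window references is permitted even across origins.
  if (win.self === win.top) {
    root.style.display = '';
    return 'shown';
  }

  // The page is inside a frame: try to replace the framing page with
  // this page, so the user sees the real site at the top level.
  try {
    win.top.location = win.self.location.href;
    return 'busted';
  } catch (e) {
    // Assumption: a refused navigation surfaces as an exception. Either
    // way the page stays hidden, because display is still 'none'.
    return 'hidden';
  }
}

// Run automatically in a browser; skipped where no DOM exists.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  frameKiller(window, document);
}
```

Because the page is hidden before the check runs, a framing page that manages to block the navigation still ends up displaying a blank frame rather than a live button.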