devil

ClickJacking Attack: Things you must know


The latest buzz about a massive spam attack on Facebook account holders has created doubt in the minds of its users. Facebook has deployed its best people to find those responsible. According to a statement released by Facebook, it has identified the people who were involved in the cyber attack. The statement also mentions legal action in the pipeline against these spammers.

Clickjacking is the most common technique used by hackers in such attacks, wherein the attacker tricks the user into revealing confidential information and other account details required to spread the attack further.

Clickjacking, also known as UI redressing, is a malicious script which takes over the links displayed in the Internet browser for various web pages. When this happens, the user is taken to an unintended site when he tries to click on that link. In other words, clickjacking is simply an embedded script or code which can click on a button that appears to perform another function, without the user’s knowledge.
Sometimes a user is unaware of what has just happened; in other cases, a user can detect it immediately. There are a few things everyone ought to know about this menace, which can create havoc.


#1. Clickjacking happens when a website is embedded with a malicious program. This program hovers under the unaware user’s mouse, and if the user clicks on a page or link, a new website appears or a software download takes place.
#2. It's a malicious script which can run on virtually any website without the owner being aware or having the ability to stop it. These attacks have been a major cause of concern for many big companies and major websites like Facebook.
#3. By making the user believe that he is on the company website, clickjacking can create a mirror site and collect personal information.
#4. Only a very few browsers, those which are not based on graphics, are immune to clickjacking software.
#5. Clickjacking can steal personal data, like social security numbers, credit card and bank information.
#6. This malicious script can work without the knowledge of the user and install a number of software applications on a computer. They could be harmful viruses, adware or other software which is harmful to the computer.
#7. A new piece of clickjacking software has been disclosed which can be used to spy on your webcam and microphone through Adobe’s Flash software. Adobe’s Flash software is vulnerable as it enables the clickjacking to gain access to the user’s microphone and webcam. While the user visits a web page, unknown to him, the target application waits, loaded and invisible, while it floats the invisible allow button. When the user clicks on the Flash button, the invisible allow button actually receives the click. The Flash application is now accessed with full permission and may even stream from the microphone and webcam to a server for recording.


Here are a few examples of these clickjacking scams on Facebook:

Breaking News Lady Gaga Found dead in Hotel room [video]
VIDEO SHOCK - Hurricane Irene New York kills All
OMG ..Look what this 6 year old found in her happy meal From McDonalds! [shocking]
Cheryl Cole Exposed Paparazzi Photos!

There are not many details available about how clickjacking works. Many security software companies, Internet companies and browser makers are working on how to counter and combat this malicious software. There is not much that can be done at this point, apart from using a text-based browser.

There are some applications, such as NoScript, which can block Java and scripts from running in a browser. This would probably render many websites useless, and Internet browsing would become very different from what it was before. Some suggest that the best way to counter clickjacking is to install the NoScript add-on for Firefox and allow only sites you trust to run active content.
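The countermeasures above are on the user's side. As an added example (not part of the original post), a site owner can check whether their own pages can be loaded invisibly inside another page, as the target in #7 is, by inspecting the anti-framing response headers `X-Frame-Options` and the `frame-ancestors` directive of `Content-Security-Policy`. The function names and the sample responses are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing policy from its headers.
const RANK = ['unprotected', 'allowlist', 'same-origin', 'deny'];

// Collect all values of a header (case-insensitive name), split on commas.
function values(headers, name) {
  return Object.entries(headers)
    .filter(([k]) => k.toLowerCase() === name)
    .flatMap(([, v]) => [].concat(v))
    .flatMap((v) => v.split(','))
    .map((v) => v.trim())
    .filter(Boolean);
}

// Classify the frame-ancestors directive of one CSP policy; null if absent.
function classifyCsp(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...src] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    if (src.length === 0 || (src.length === 1 && src[0] === "'none'")) return 'deny';
    if (src.length === 1 && src[0] === "'self'") return 'same-origin';
    return src.includes('*') ? 'unprotected' : 'allowlist';
  }
  return null;
}

function framingPolicy(headers) {
  // Only the enforcing CSP header counts; -Report-Only blocks nothing.
  const csp = values(headers, 'content-security-policy')
    .map(classifyCsp)
    .filter((c) => c !== null);
  // Every policy must allow the embedder, so the strictest one wins.
  // Browsers that support frame-ancestors ignore X-Frame-Options when it is set.
  if (csp.length > 0) {
    return csp.reduce((a, b) => (RANK.indexOf(a) >= RANK.indexOf(b) ? a : b));
  }
  const xfo = values(headers, 'x-frame-options').map((v) => v.toLowerCase());
  if (xfo.includes('deny')) return 'deny';
  if (xfo.length > 0 && xfo.every((v) => v === 'sameorigin')) return 'same-origin';
  // Missing header, obsolete ALLOW-FROM, or unknown value: report conservatively.
  return 'unprotected';
}

// Constructed sample responses (not taken from any real site).
const samples = {
  none: { 'Content-Type': 'text/html' },
  legacy: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  xfo: { 'x-frame-options': 'SAMEORIGIN' },
  csp: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  both: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors *' },
};
for (const [name, h] of Object.entries(samples)) console.log(name, framingPolicy(h));
```

A result of `unprotected` means any other page may embed the response in a frame; `deny` or `same-origin` means the browser refuses to render it inside a foreign page.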

