ClickJacking Attack: Things you must know

The recent massive spam attack on Facebook account holders has created doubt in the minds of its users. Facebook has deployed its best people to track down those responsible. According to a statement released by Facebook, it has identified the people who were involved in the cyber attack. The statement also says that legal action against these spammers is in the pipeline.

Clickjacking is the most common technique used by hackers in such attacks, wherein the attacker tricks the user into revealing confidential information and other account details required to spread the attack further. Clickjacking, also known as UI redressing, is a malicious script which takes over the links displayed in the Internet browser for various web pages. When this happens, the user is taken to an unintended site when he tries to click on that link. In other words, clickjacking is simply an embedded script or code which can click on a button that appears to perform another function, without the user's knowledge.
Sometimes a user is unaware of what has just happened, and in some cases a user can detect it immediately. There are a few things everyone ought to know about this menace, which can create havoc.

#1. Clickjacking happens when a website is embedded with a malicious program. This program hovers, unseen, under the unaware user's mouse, and if the user clicks on a page or link, a new web site appears or a software download takes place.

#2. It's a malicious script which can run on virtually any website without the owner being aware of it or having the ability to stop it. These attacks have been a major cause of concern for many big companies and major websites like Facebook.

#3. By making the user believe that he is on the company website, clickjacking can create a mirror site and collect personal information.

#4. Only the very few browsers which are not based on graphics are immune to clickjacking.

#5. Clickjacking can steal personal data, like social security numbers, credit card and bank information.

#6. This malicious script can work without the knowledge of the user and install a number of software applications on a computer. These could be harmful viruses, adware or software which is even more harmful to the computer.

#7. A new clickjacking technique has been disclosed which can be used to spy on your webcam and microphone through Adobe's Flash software. Adobe's Flash software is vulnerable because it enables the clickjacking to gain access to the user's microphone and webcam. While the user visits a web page, the target application, unknown to him, waits loaded and invisible, floating the invisible Allow button. When the user clicks on the Flash button, it is actually the invisible Allow button that receives the click. The Flash application now has full permission and may even stream from your microphone and webcam to a server for recording.
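The invisible-overlay trick described above only works when the target page allows itself to be loaded inside another site's frame. As an added example (not part of the original post), this JavaScript reads a response's headers and reports who may frame the page, using the standard X-Frame-Options and Content-Security-Policy frame-ancestors headers; the function names and result labels are assumptions made for illustration.

```javascript
// Added example, not from the original post: audit a response's anti-framing headers.
const RANK = { none: 0, 'same-origin': 1, allowlist: 2, any: 3 };

// Classify one CSP policy's frame-ancestors directive; null if the directive is absent.
function classifyCsp(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // 'none' only counts when it stands alone; an empty source list also blocks framing.
    const src = sources.filter(s => s !== "'none'");
    if (src.length === 0) return 'none';
    // A bare wildcard or a scheme-only source lets any site on that scheme frame the page.
    if (src.some(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'any';
    return src.every(s => s === "'self'") ? 'same-origin' : 'allowlist';
  }
  return null;
}

// headers: object of header name -> string, or array of strings for repeated headers.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = [].concat(v);

  // Several CSP policies may be delivered; each is enforced, so report the strictest.
  // When frame-ancestors is present, browsers ignore X-Frame-Options.
  const levels = (h['content-security-policy'] || [])
    .flatMap(v => v.split(',')).map(classifyCsp).filter(l => l !== null);
  if (levels.length > 0) {
    const level = levels.reduce((a, b) => (RANK[a] <= RANK[b] ? a : b));
    return { level, decidedBy: 'csp frame-ancestors' };
  }

  // Fall back to X-Frame-Options. ALLOW-FROM is obsolete and ignored by current
  // browsers, so it gives no protection.
  const xfo = (h['x-frame-options'] || [])
    .flatMap(v => v.split(',')).map(v => v.trim().toUpperCase());
  if (xfo.includes('DENY')) return { level: 'none', decidedBy: 'x-frame-options' };
  if (xfo.includes('SAMEORIGIN')) return { level: 'same-origin', decidedBy: 'x-frame-options' };
  const decidedBy = xfo.length ? 'x-frame-options (unrecognised value)' : 'no header';
  return { level: 'any', decidedBy };
}
```

A result of "any" means the page can be placed in an invisible frame on any site, which is the precondition for the overlay described in #7.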


Shakti Bareth said...

superb article
Click jacking tricks are practical.

johnny said...

Thanks for the blog post buddy! Keep them coming...

