I have always tried to emphasize how sneaky hackers can be when they are running attacks on unsuspecting Internet users.
There are several underhanded ways that hackers can get malicious files on your desktop but none are more sneaky than using a click jack attack.
This attack can severely ruin your internet experience since you are unknowingly given a third party piece of malicious software the permission to do whatever it likes on your computer.
I will explain more about click jacking and how you can avoid becoming a victim later on in the article.
When a security professional uses the term click jacking they are talking about the use of a hidden DIV on a web page, that tricks the user into allowing a piece of code to execute.
A DIV is a piece of mark up code in the web page that functions as a container that will hold other elements of a web page.
A DIV has elements that will hide the true button over a seemingly normal button or image on a web page.
You believe that you are clicking the normal button but in actuality there is another button in front of it but it is invisible.
This attack is very effective since a hacker can sneak the code on a trusted web site and make everything look like it is normal.
The person who runs the site will see the same thing that they usually see and will not know until they start to receive complaints that anything is wrong.
This attack has been around for several years at this point but in the last two years has become increasingly popular.
The basic browsers that are available today are very susceptible to these kinds of attacks.
Fortunately Firefox allows you to place plugins into your browser that will prevent attacks such as these from occurring.
Internet Explorer 8 has partial protection against these attacks but most people still use Internet Explorer 7 and earlier versions which are very much at risk.
Firefox And No Script
At this point in time, using Firefox with the combination of the No Script plugin seems to be the best way to be able to protect yourself.
Even that combination is not a hundred percent foolproof but it gets the job done in most cases.
if you are an owner of a web site, every now and then you must do an audit of the code on your site.
If you were not the creator of your site then have someone else who knows what they are doing perform the process.
This is the only way that you will be able to stay ahead of the game when it comes to protecting your web site.
If you are just a web surfer, you should be aware that such attacks do exist and rely on the right tools to help protect yourself.