Old Attack Learns New Tricks – Clickjacking 2.0

When someone wants to be evil and take something of yours they will go through a lot to find a clever way of doing it.

They may even exhort more effort by thinking of a plan to do it than actually finding some way of legitimately getting the money for themselves.

For people like this it is the rush of the action rather than the net results that they gain from it.

They find it exciting to be able to see one of their plans come together, even if it is for a nefarious purpose.

This is the same rush that black hat hackers feel when they are able to come up with a new and successful assault.

The rush is something that cannot be described.

For people like them, it is like winning the hackers’ version of the Superbowl.

This is especially true when people take your attack and make their own versions of it.

This is why you will always see new attacks in the wild.

ClickJacking Attacks

There is a new type of clickjacking attack that is making its rounds over the internet.

Clickjacking attacks themselves have been around for several years now but someone has found out a new way to use this old technique.

If you don’t already know, click jacking is when an attacker is able to go to a popular web site and put a piece of code inside of it.

They do this through a number of different web exploits that are available.

When the code is placed on the web site it allows an invisible element to be placed inside of it.

This invisible element is placed over a piece of the web page that will be clicked all of the time such as a submit button or something else of that nature.

Once the element over the submit button is clicked the user is then sent to the web site where the element is pointed to.

This can be something as innocent as an advert, or something more dangerous such as a site that is placing a piece of malware on your computer.

The New Click Jacking Attack

Security Researchers have now found that the bad guys can create attacks that will go after more than just one section of a web site.

These new attacks will place iFrames on the page and also target more elements than just the submit button.

They can make the attacks activate if you place text in the textbox and other events as well.

Not only can they place the attacks in new places, they have found that they can automate the attacks as well.

All they have to do is point their software at a target and it will analyze and attack that target at will.

Clickjacking attacks have been around for several years but web sites are still not taking them seriously.

Maybe with these latest revelations, they finally will.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind