[WEBINAR] The New Normal: Dealing with the Reality of an Unsecure World

Clickjack Attack

Definition - What does Clickjack Attack mean?

A clickjack attack is a malicious technique used by an attacker to record the infected user’s clicks on the Internet. This can be used to direct traffic to a specific site or to make a user like or accept a Facebook application. More nefarious purposes might be to collect sensitive information saved on a browser, such as passwords, or to install malicious content.

This type of attack is also known as clickjacking or UI readdressing.

Techopedia explains Clickjack Attack

Normally, a clickjack exploitation is carried out by placing a concealed link over a valid button. However, the exploitation may also include the following:

  • Deceiving users into enabling their microphones and webcams via Flash
  • Fooling users into making their social media profile details public
  • Making infected users unknowingly follow somebody on Twitter

A clickjack attack can be implemented by using IFRAMEs, which are HTML elements that draw content from other locations such as other websites. Clickjack attackers can embed an IFRAME on any website and overlay the invisible IFRAME on top of a legitimate button. When the user clicks the legitimate button, the attacker’s button or link is actually being clicked.

What makes this a very powerful way of attacking is that it is actually done within the bounds of the HTML specification, which means that the website is working as expected. The attackers are just exploiting this feature for malicious attacks. The World Wide Web Consortium (W3C) is trying to define a new standard that will make it possible for websites to disallow outside interference.

Website administrators may not know that something is wrong until complaints come in from users. It is hard to pinpoint that an attack has taken place because everything on the site looks the same and the clickjack element has been thoroughly disguised as harmless.

The NoScript add-on for Mozilla, the Gazelle Web browser, and the Framekiller JavaScript snippet are some measures that can be used to protect against a clickjack attack.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
"Techopedia" on Twitter

Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Free Whitepaper: The Path to Hybrid Cloud
Free Whitepaper: The Path to Hybrid Cloud:
The Path to Hybrid Cloud: Intelligent Bursting To Amazon Web Services & Microsoft Azure
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.