The recent Facebook clickjacking attack got a lot of publicity, but is clickjacking really a threat that IT security...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
teams have to worry about?
The recent Facebook clickjacking attack from June 2010 did get a lot of publicity and was reported to have infected hundreds of thousands of Facebook users. The more general clickjacking attacks also got significant attention when Jeremiah Grossman and Robert "RSnake" Hansen disclosed them in 2008. The attack worked because Facebook users clicked on links from Facebook that took them to an external website, where they were asked to "like" the website by clicking on a link, which would download and infect their systems with the malware. This would then post the malicious link to the user's Facebook profile, potentially enticing other Facebook users to click on it as well. The malicious external website used an invisible iframe on the webpage so that, when the Facebook user "liked" the website, he or she download the malware by clicking anywhere in the webpage.
Enterprise computers with up-to-date Web browsers are not at significant risk from this sort of clickjacking malware, given that a defense-in-depth strategy, including not having users log in with elevated access, should be used on client computers, preventing a malicious webpage from fully compromising the machine. Unfortunately though, the clickjacking attack could be used in combination with other exploits to bypass the security in place and wreak havoc on a system, depending on what defense-in-depth measures are in place. Current versions of Internet Explorer and Firefox both have protections in place now to prevent clickjacking attacks, but the underlying security vulnerability is complex and may not be completely patched in all browsers and websites.
Danger of Android clickjacking attacks addressed in new research
Dig Deeper on Social media security risks and real-time communication security
Related Q&A from Nick Lewis
Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this...continue reading
Malicious Windows BITS tasks set up by attackers can reinfect systems even after the malware has been removed. Expert Nick Lewis explains how to ...continue reading
ZCryptor ransomware can self-replicate through autorun files placed on removable storage devices. Expert Nick Lewis explains how your enterprise can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.