The recent Facebook clickjacking attack got a lot of publicity, but is clickjacking really a threat that IT security...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
teams have to worry about?
The recent Facebook clickjacking attack from June 2010 did get a lot of publicity and was reported to have infected hundreds of thousands of Facebook users. The more general clickjacking attacks also got significant attention when Jeremiah Grossman and Robert "RSnake" Hansen disclosed them in 2008. The attack worked because Facebook users clicked on links from Facebook that took them to an external website, where they were asked to "like" the website by clicking on a link, which would download and infect their systems with the malware. This would then post the malicious link to the user's Facebook profile, potentially enticing other Facebook users to click on it as well. The malicious external website used an invisible iframe on the webpage so that, when the Facebook user "liked" the website, he or she download the malware by clicking anywhere in the webpage.
Enterprise computers with up-to-date Web browsers are not at significant risk from this sort of clickjacking malware, given that a defense-in-depth strategy, including not having users log in with elevated access, should be used on client computers, preventing a malicious webpage from fully compromising the machine. Unfortunately though, the clickjacking attack could be used in combination with other exploits to bypass the security in place and wreak havoc on a system, depending on what defense-in-depth measures are in place. Current versions of Internet Explorer and Firefox both have protections in place now to prevent clickjacking attacks, but the underlying security vulnerability is complex and may not be completely patched in all browsers and websites.
Danger of Android clickjacking attacks addressed in new research
Dig Deeper on Social media security risks
Related Q&A from Nick Lewis
The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is ...continue reading
Kaspersky Lab recently accused Windows 10 of acting as an antivirus block to third-party antimalware software. Discover how your software is being ...continue reading
QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.