Recently, there has been a rash of clickjacks that led to the spread of violent and pornographic images across Facebook.According to a statement from Facebook, the attack used bait links to trick users into launching scripts that cut and pasted Javascript code into the URL, causing them to unknowingly share this offencive content. Facebook did take some steps to shut down the accounts used in the attack, and said that it reduced their frequency. however, facebook did not indicate that the attack was over.
Clickjacking is the most common technique used by the bad boys (hackers) in such attacks. In this attack, the attacker Tricks the user into revealing confidential information and other account details required to spread the attack further. So really, What is clickjacking?
Clickjacking, also known as "UI Redressing" is a Malicious script which takes over the links displayed in the Internet browser for various web pages. In such a case, the user is taken to a site which is unintended when he tries to lick on that link. Take a close look at the image below
From the above illustration, In other words, clickjacking is simply an embedded script or code which can trigger a button that appears to perform another function, without the user’s knowledge.
Recently, a new clickjacking tool was disclosed that allowed clickjackers to hijack your computer's camera (webcam) using adobe flash. This allows them to spy on the victim by taking pictures, streaming videos e.t.c secretly via Internet connection.
So if you are a cyberholic and your computer has a webcam, Your best defence is to place a piece of tape strategically over your camera, with this analog solution, you will never go wrong lol .
And not only the victim's webcam, adobe flash also enables clickjackers to gain access of the user’s microphone thereby gaining access to audio streaming.
In a little detail, when a user (victim) visits an unknown web page hooked with a clickjacker script, the target application waits invisibly and is loaded while it floats an invisible "allow" button on the victim's browser screen. For example, an "invisible allow" button can be embedded behind a "visible login" button. Therefore, a single click on the login button triggers the allow function that in return gives full permission to run the target application, hence you have have been clickjacked man!
Clickjacking can be fatal, it can clear all your personal data, from your computer, social security data, credit card numbers and other sensitive bank information. The malicious script is also capable of installing a number of unwanted software, adware, spyware or even virus onto the victim's computer without his knowledge.
Below are the images of a few famous clickjacking Scams the web
1. IDEO SHOCK - Hurricane Irene New York kills All
2. OMG ..Look what this 6 year old found in her happy meal From McDonalds! [shocking]
3. Cheryl Cole Exposed Paparazzi Photos!
4.
Breaking News Lady Gaga Found dead in Hotel room [video]
How to protect yourself from Clickjacking?
As you can see from the above images, they look as original as they can be, apparently one way to combat this would be by using a text-based browser. But that wouldn't be the case in this modern age of technology :D
So how do you protect yourself?
Its simple, Simply dissable scripting on your browser . This can be done with the help of
browser addons Such
NoScript for
Mozilla Firefox,
NotScript for
Google chrome browser e.t.c... These will block any Scripts like javascript codes from executing on your browser without your approval. So you can only whitelist trusted websites and web pages on which you want the scripts to run.
Disable scripting addon links
1. Mozilla Firefox - Install NoScript (Click
here )
2. Google Chrome - Install NotScript (Click
here )
3. Opera Browser - Install NotScript (Click
here )
The above addons are the best protection you can get at the moment. Not only will they protect you against clickjacking, they'll also protect you from another Internet scam known as
Tab Napping or Advanced phishing.
Stay alert,..!!! be smart :D:D:D
