‘I can’t believe a GIRL did this because of Justin Bieber.’ ‘I lost all respect for Emma Watson (or Miley Cyrus, or …) when I seen this video! Outrageous!’
Do the comments and image seem familiar? These clickjacking scams are making the rounds among Facebook users again, and while the current wave is supposedly under control (according to the FB people), new versions keep popping up all the time.
What is clickjacking?
In a nutshell, a transparent web page is placed over another page that has a clickable link, image or buttons, so what you see on the surface appears to be legit and you won’t hesitate to click (such as the play button on a YouTube video). But the click produces unexpected behavior: you might get redirected to a different site, or a survey gets launched where you’re asked to fill in personal information (with a promise of freebies or a discounted price on the item being surveyed), or a malicious program gets launched in the background.
When you click the link in the Facebook image, the program gets propagated to all your friends, then to the friends of your friends, and so on down the line.
This How-to from Wired also states that clickjackers can take control of your computer’s camera and microphone, and provides advice for securing your system.
What’s the ultimate security? Resist your curiosity!
Please let us know if you’ve seen other recent examples.
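For site owners, the standard defence against the overlay trick described above is to tell browsers who may embed a page in a frame. The following is an added example, not part of the original post: a JavaScript function (the name `framingPolicy` and the sample headers are constructed for illustration) that reads a response's `X-Frame-Options` and CSP `frame-ancestors` headers and reports who could frame the page. It assumes a single enforcing CSP policy per response.

```javascript
// Added example. Classifies who may frame a page, based on its response headers.
// Assumption: one enforcing Content-Security-Policy per response.
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value); // header names are case-insensitive
  }

  // An enforced CSP frame-ancestors directive takes precedence over X-Frame-Options.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // "*" or a bare scheme lets any site (of that scheme) embed the page.
    const open = sources.some((s) => s === '*' || s === 'http:' || s === 'https:');
    if (open) return { framableBy: 'any', via: 'csp' };
    const none = sources.length === 0 || sources.every((s) => s === "'none'");
    return { framableBy: none ? 'none' : 'restricted', via: 'csp' };
  }

  // X-Frame-Options: only DENY and SAMEORIGIN protect. ALLOW-FROM is obsolete
  // and ignored by current browsers. Conflicting values block framing entirely.
  const xfo = new Set((h['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  const conflict = xfo.size > 1 && (xfo.has('sameorigin') || xfo.has('allowall'));
  if (xfo.has('deny') || conflict) return { framableBy: 'none', via: 'x-frame-options' };
  if (xfo.has('sameorigin')) return { framableBy: 'restricted', via: 'x-frame-options' };
  return { framableBy: 'any', via: 'no effective header' };
}

// Constructed sample responses, not captured from any real site.
const samples = {
  'no headers': {},
  'XFO deny': { 'X-Frame-Options': 'DENY' },
  'obsolete ALLOW-FROM': { 'X-Frame-Options': 'ALLOW-FROM https://a.example' },
  'CSP allow-list': {
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://partner.example",
  },
  'CSP wildcard overrides XFO': {
    'Content-Security-Policy': 'frame-ancestors *',
    'x-frame-options': 'DENY',
  },
};

for (const [label, headers] of Object.entries(samples)) {
  const result = framingPolicy(headers);
  console.log(`${label}: framable by ${result.framableBy} (${result.via})`);
}
```

A result of `any` means the page can be loaded invisibly inside someone else's page, which is the precondition for the attack described in this post.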
NoScript also actively detects ClickJacking attempts (Google for ClearClick) and has done so for at least two years.
@PLiberty: thanks for the tip! Somehow I missed that one when I was doing my research.