Clickjacking Evolves to Hook Millions of Top-Site Visitors

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,112
Clickjacking, where links on a website redirect unknowing users to spam, advertising or malware, has been around for decades. However, new tactics that defy the best mitigation efforts of browsers has led to it affecting millions of internet users browsing the web’s top sites, researchers found in a new study.

In crawling data from the Alexa top 250,000 websites, researchers discovered 437 third-party scripts that intercepted user clicks on 613 websites – which in total receive around 43 million visits on a daily basis. Making matters worse, click interception links are using new techniques – such as making the links larger – that are making them harder to avoid.

“We further revealed that many third-party scripts intercept user clicks for monetization via committing ad click fraud,” researchers said. “In addition, we demonstrated that click interception can lead victim users to malicious contents. Our research sheds light on an emerging client-side threat, and highlights the need to restrict the privilege of third-party JavaScript code.”

The researchers, who collaborated from the Chinese University of Hong Kong, Microsoft Research, Seoul National University and Pennsylvania State University, published their findings in a paper, “All Your Clicks Belong to Me: Investigating Click Interception on the Web,” which they are discussing Thursday at the USENIX Security conference.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top