Clickjacking Attacks Are Ocurring in the Wild

Less than a month after the clickjacking exploit came to light, sporadic reports of users falling victim to the attack are beginning to surface. Dennis O’Reilly’s column in Windows Secrets Newsletter, Issue 172, contains this report from a reader:

Yep, clickjacking is in the wild. I build, fix, and de-badware computers for family, friends, and businesses. I had a friend complain that his eBay page kept popping up with auctions when he hadn’t accessed eBay. So, dutifully, I went to see what was going on and found that he had been trawling through some [game] crack sites.

When he clicked some links, he would also pop his eBay page up (he had his eBay cookie set). Bingo! The crack-page vendors had scored his login details. I quickly apprised him of the risks of visiting said pages and, of course, quickly reset his eBay password and scanned, cleaned, and disinfected his computer.

Just yesterday, I received a report from another engineer at our office that he had witnessed a clickjacking attempt on his own machine when he clicked a button on an antivirus blog. Instead of going to the previous page, as expected, he receive a pop-up for the “Antivirus XP 2009” malware download. I had him disable IFRAME handling in Internet Explorer and install NoScript on Firefox. That fixed the issue.