Clickjacking code found on sites with 43 million daily visits total
Analysis Clickjacking, which came to the attention of security types more than a decade ago, continues to thrive, despite defenses deployed since then by browser makers.
Boffins from Microsoft and universities in China, South Korea and the US recently looked at the Alexa top 250K websites and identified three different clickjacking techniques currently being used to intercept clicks.
In summary, malicious browser extensions, and dodgy third-party scripts loaded by pages, can quietly alter URLs in links to redirect netizens elsewhere on the web, or trigger more code to run in the background. The goal by the makers of this stuff is to get victims to inadvertently click on adverts, set cookies, fool affiliate programs, download and run malware, and suchlike.
Support the originator by clicking the read the rest link below.
