Archive for May 2011

The Condom Clickjack

May 31, 2011

Even though clickjacking attacks spread fastest when they have content that piques a person’s curiosity, you rarely get the content that encouraged you to follow the link. That’s one of the ways that you can be certain that you have fallen victim to a clickjack attack.

Not every clickjacker, however, is so carefree and obvious. That makes it tougher to determine which links might cause you problems.

Case in point: “the World’s Funniest Condom Commercial – LOL”

When you follow this Facebook link, you inadvertently “like” it. This gets posted to your wall, where it tempts your friends to follow the link, thus spreading the clickjack even farther. Instead of leaving you with nothing, though, this clickjack directs you to a YouTube video featuring a mildly humorous condom commercial. Because you actually land on the promised video, you will probably believe that you haven’t triggered any of the common clickjacks. But you’d be wrong.

This post acts just like other clickjacks. Which means that you’ll be spreading a condom commercial that really doesn’t live up to the hype. Imagine how many people will see this link shared by you. Your parents, your co-workers, your in-laws. And all of them are asking “why the hell did he share a stupid condom commercial with the world?”

The clickjack doesn’t cause any actual harm to your computer, but it could have a negative impact on your social standing. Anyone suspecting that you’re dull enough to spread clickjacks might block messages from you or even eliminate you as a friend.

WordPress Improves Clickjacking Security

May 26, 2011

Improved clickjacking security seems to be the new thing amongst popular websites that allow user interaction. First, Facebook released updates that would make it considerably more difficult for likejacking to take advantage of its site. Now, WordPress has released a beta version of WordPress 3.2 that offers improved clickjacking security.

The latest update is WordPress 3.1.3, a release that the company does not recommend for production servers. The company also says that its development is right on schedule. That means the new version of WordPress will become widely available in just a couple of weeks.

The company hasn’t specified exactly how the latest updates prevent clickjacking, but it is safe to assume that it uses some of the security features included in the latest Facebook updates. It will probably use a combination of security software that recognizes suspicious links and alerts that will allow users to decide whether they want to allow an action or not.

As long as WordPress remains as flexible and useful as its previous versions, this is great news for bloggers and Internet users alike.

By giving bloggers more control over the way that their websites function, WordPress could make it easier for them to prevent clickjacking links from affecting readers. Hopefully, WordPress has made some of the security features mandatory. That would prevent bloggers from incorporating clickjacked links into their posts.

As people become more aware of this problem, it is likely that companies will continue to search for solutions. That’s why we all need to stay informed about the security issues that might affect us.

Clickjacking Revenge

May 25, 2011

So, you fell for a clickjacking scam, and now you’re infuriated. What are you going to do about it?

There are a few options, some of which are more sensible than others. Honestly, the best route is to learn from your mistakes, report the clickjacked page to Facebook (or any other website that is unwittingly spreading the clickjacked link), and remove any malware that you might have contracted.

You can then alert your friends to the clickjack so that they don’t become victims. And, of course, if someone passed it on to you, let them know that they’re a victim.

Not everyone, however, likes to take the sensible route. That’s where scambaiting comes in.

Scambaiting is most effective for clickjacks that try to string you along with scam after scam. It’s also an effective technique (for some) for fighting email phishing scams. Essentially, you play along with the scammer, wasting his time and making life generally difficult for him.

Here is one of the most involved scambaiting projects that I have ever seen.

The victim creates a whole cast of characters to mess with the scammer, who never seems to understand that the tables have turned. It’s quite entertaining and shows what a dedicated scambaiter can accomplish.

Here’s the thing, though: scambaiting wastes your time as much as the scammer’s time. You might enjoy stringing them along, but you don’t really get anything for it. In some cases, people (albeit usually the scammers) have gotten hurt because of these strategies. If you’re set on getting revenge, it’s best to contact a pro who can take the risks for you.

Why Would Someone Use Clickjacking?

May 24, 2011

Most people these days seem to have a basic grasp of what clickjacking is, but they don’t really understand why anyone would want to use clickjacking to sucker Internet users into silly things such as “liking” a page on Facebook. It’s one thing when hackers use viruses to steal information from someone’s computer. That’s a dirty, unethical, illegal thing to do, but at least you can understand the motivation behind it. With clickjacking, though, a lot of people just wonder “why.”

It’s simple in most cases. Hackers can make money through clickjacking by forcing large numbers of people to visit websites or promote Facebook pages. There are a couple of strategies that they can use. Some of them get paid for every hit that a website gets through their link. It’s similar to many online marketing techniques, except even shadier.

They can also get paid for general promotion of a website. For instance, if someone owns a company that promotes websites, then they can use clickjacking to show a client how effective their strategies are. It doesn’t hurt the clickjacking victim nearly as much as it robs the client.

Hackers can also make money by getting people to take online quizzes. That’s why you see so many quizzes popping up when you follow likejacked links on Facebook.

Although clickjacking hasn’t caused many significant problems, it is a troublesome waste of resources that makes the online community suspicious of everything that they encounter. Unfortunately, that’s the best way to stay safe online. Remain suspicious and you can make it harder for clickjacking hackers to make money from their pathetic scams.

Fans of Reality TV Should Beware Clickjacks

May 10, 2011

Shows such as Survivor, The Voice, and American Idol have saturated television with so-called reality programming. I’ve never been sure how living on an island with medical staff and a bunch of players trying to win a game represents any form of reality… but I digress.

Hackers have used the popularity of these shows to attract more clickjacking victims. By creating fake websites for reality TV shows, they attract the biggest suckers of all. Hey, if you’re willing to believe that Survivor is reality, then you’ll probably believe that some crummy website is official even though it has pixelated graphics and broken English.

Getting clickjacked, however, isn’t fun. It’s not something that I would even wish on fans of reality TV, although they are probably some of the most deserving people on the planet (I hold a particular grudge because I enjoy writing, and these shows have made it harder for writers to earn a living. Sorry, it’s my own personal prejudice, and I’m not willing to give it up).

Since no one truly deserves to get clickjacked, it’s important to let others know that they should be careful when visiting any website.

How can you spot a fake? More often than not, they have suspicious URLs. Dancing with the Stars, for instance, is an ABC program. The official website is hosted on the ABC website. It’s not that fan pages are necessarily scams, but you do run a risk when you visit them, especially if you click any elements on the web page to access more information.

Keep your wits about you, people.