What is clickjacking?
Clickjacking is a type of online exploit where hackers hide malware or malicious code in a legitimate-looking control on a website. This involves injecting Trojan code into the source code for the website. With different types of clickjacking, hackers can trick users into, for example, changing a status on Facebook or even sending money from their bank accounts.
Clickjacking is also known as a user interface (UI) redress attack.
With clickjacking, the code attached to the control raises events that are not described in the user interface. This is something new to most computer users, who have always assumed that a visual control on the web does what it appears to do and that these visual symbols are inherently bound to their function or immune to tampering. The buttons for closing or minimizing web browser windows are a great example. In a pop-up ad or other frame, the hacker can attach code to this button so that clicking it has unforeseen effects.
Some experts recommend disabling scripting and iframes in browsers or installing certain plug-ins such as NoScript in Mozilla Firefox. It is also suggested that an 'X-Frame-Options' header should be sent to state whether the content is permitted to be framed. A response header of 'X-Frame-Options: DENY' can protect systems against clickjacking.
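An added example, not part of the original page: a Python check that reads a raw HTTP response header block and reports whether a usable X-Frame-Options value is present. The sample responses and function names are constructed for illustration, and the check also recognises SAMEORIGIN, a second valid value that the page does not mention.

```python
# Audit a response's headers for the X-Frame-Options clickjacking defence.
# Function names and sample responses are constructed for this example.

VALID = {"deny", "sameorigin"}  # values a browser recognises for this header

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response header block."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if ":" not in line:
            continue                               # not a header line
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def framing_verdict(raw):
    """Return 'deny', 'sameorigin', 'conflict', 'invalid' or 'missing'."""
    values = []
    for name, value in parse_headers(raw):
        if name == "x-frame-options":              # exact name, hyphens included
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    if not values:
        return "missing"                           # header absent or misspelled
    recognised = {v for v in values if v in VALID}
    if not recognised:
        return "invalid"                           # e.g. a typo or obsolete ALLOW-FROM
    if len(recognised) > 1:
        return "conflict"                          # two different policies were sent
    return recognised.pop()

# Constructed sample responses, one per case the audit distinguishes.
SAMPLES = {
    "protected":  "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n",
    "misspelled": "HTTP/1.1 200 OK\r\nX Frame Options: Deny\r\n",
    "absent":     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "obsolete":   "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.com\r\n",
    "duplicated": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} -> {framing_verdict(raw)}")
```

A verdict other than 'deny' or 'sameorigin' means the response should be treated as lacking this protection until the server configuration is corrected.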