A new Web attacks is now in the wild. It’s named clickjacking – as discussed at the OWASP NYC AppSec 2008 Conference. Clickjacking is actually clipboard hijacking by adobe flash player on various browsers.
We all see various types of advertisements on many website. One thing that you need to notice from now on is that silly advertisements are capable of monitoring your clipboard. (Clipboard is where the user saves the data temporary on using the “copy†function). The bug exists in all browsers and in all operating systems so you are not safe.
In a nutshell, it’s when you visit a malicious website and
the attacker is able to take control of the links that your
browser visits. The problem affects all of the different
browsers except something like lynx. The issue has nothing
to do with JavaScript so turning JavaScript off in your
browser will not help you. It’s a fundamental flaw with
the way your browser works and cannot be fixed with a simple
patch. With this exploit, once you’re on the malicious web page,
the bad guy can make you click on any link, any button,
or anything on the page without you even seeing it happening.
Now hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program. Victims report that the vulnerable advertisements are shown in many legitimate websites including Newsweek, Digg and MSNBC.com.