Clickjacking is a form of malicious software that can seemingly take control of the links that an Internet browser displays for various Web pages. Once that takes place and a user tries to click on such a link, the user is taken to an unintended site. In some cases, the user may be able to recognize this immediately; in other cases, the user may be totally unaware of what took place.
Clickjacking occurs when a malicious program is embedded into a Web site. This program hovers under the user's mouse, according to Jeremiah Grossman, a security researcher dealing with Internet issues. Once the user clicks, usually on a link, though it can be anywhere on the page, a new Web site may appear or software may be downloaded, and clickjacking has occurred.
The possibilities for how clickjacking software could be abused are endless. A number of things have major Web sites and companies especially alarmed. First, the program can run on virtually any Web site without the Web site owner's knowledge or ability to stop it. Second, clickjacking can take users to a mirror site while still making them believe they are on the company's Web site, and mine personal information, which is often freely given. Third, no browser, except the very few that are not based on graphics, is immune from clickjacking software.
In addition to stealing personal data, such as bank account information, credit card information and Social Security numbers, clickjacking can also install a number of software applications on a computer without the user's knowledge. This software could include harmful viruses, spyware or adware. The latter may not be extremely harmful in nature, but it often presents a big problem for computers.
Details on how clickjacking works, other than the basic information already listed, are being closely guarded. Browsers and Internet security software companies are working on a security patch that would help correct the situation. However, that may take some time.
Other than using a text-based browser, such as Lynx™, there is not much that can be done at this point. Those employing some sort of solution will find that Internet browsing becomes far different from what they are used to. There are applications, such as NoScript™, that can block Java and script applications from running in a browser, but this would render some Web sites virtually useless.