[Back]

M. Balduzzi, M. Egele, D. Balzarotti, E. Kirda, C. Krügel:
"A Solution for the Automated Detection of Clickjacking Attacks";
Talk: ACM Symposium on Information computer and Communication Security (AsiaCCS), Bejing, China; 2010-04-13 - 2010-04-16; in: "Proceedings of the 5th ACM Symposium on Information computer and Communication Security", ACM, 5 (2010), ISBN: 978-1-60558-936-7; 135 - 144.

Clickjacking is a web-based attack that has recently received
a wide media coverage. In a clickjacking attack, a malicious
page is constructed such that it tricks victims into clicking
on an element of a different page that is only barely (or not
at all) visible. By stealing the victim´s clicks, an attacker
could force the user to perform an unintended action that is
advantageous for the attacker (e.g., initiate an online money
transaction). Although clickjacking has been the subject
of many discussions and alarming reports, it is currently
unclear to what extent clickjacking is being used by attackers
in the wild, and how significant the attack is for the security
of Internet users.
In this paper, we propose a novel solution for the auto-
mated and efficient detection of clickjacking attacks. We
describe the system that we designed, implemented and de-
ployed to analyze over a million unique web pages. The
experiments show that our approach is feasible in practice.
Also, the empirical study that we conducted on a large num-
ber of popular websites suggests that clickjacking has not yet
been largely adopted by attackers on the Internet.

http://dx.doi.org/10.1145/1755688.1755706

http://publik.tuwien.ac.at/files/PubDat_190200.pdf

Project Head Paolo Milani Comparetti:
Worldwide Observatory of Malicious Behaviors and Attack Threats

Project Head Christian Platzer:
SECoverer - Finding Security Vulnerabilities in Web Applications