Researchers Found Over 600 Websites Infected With Clickjacking Scripts.

A research team found almost 440 third-party scripts that intercepted user clicks on over 600 popular websites. Some of the scripts intercepted user clicks and performed clicks on ads to generate additional revenue; others redirected users to malicious websites. The team detected the scripts with a scanning tool it created, called Observer, which scans the top 250,000 sites for clickjacking scripts that intercept user clicks. Observer focuses on three fundamental actions used to intercept clicks. First, the clickjacker could modify an existing hyperlink on a page. Second, it could create a new hyperlink in a page. Third, it could register an event handler for an HTML event to hook a user’s click. The websites searched have over 43 million clicks daily.

Analyst Notes

It is recommended that organizations ensure link and click integrity to prevent click interception through hyperlinks and event handlers. It is also recommended to distinguish first-party from third-party scripts so that visitors can identify whether the redirection URL is provided by the site itself.
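
One way a site owner could audit for the three actions described above while separating first-party from third-party scripts. This is an added example, not Observer's code: the record format, the action names, the function names and the sample hosts (example.test, *.invalid) are all assumptions made for illustration.

```javascript
// Added example: the record format is an assumption, not Observer's output.
// Each record is one DOM action attributed to the script that performed it.
const INTERCEPT_ACTIONS = new Set(['modify-href', 'create-link', 'add-click-handler']);

// Naive first-party test: same host as the site or a subdomain of it.
// (A production check would compare registrable domains via the Public Suffix List.)
function isSameSite(siteHost, host) {
  return host === siteHost || host.endsWith('.' + siteHost);
}

function findThirdPartyInterceptions(siteUrl, records) {
  const siteHost = new URL(siteUrl).hostname.replace(/^www\./, '');
  const byScript = new Map();
  for (const r of records) {
    if (!INTERCEPT_ACTIONS.has(r.action)) continue;
    if (!r.script) continue; // inline script: delivered in the page itself
    if (isSameSite(siteHost, new URL(r.script).hostname)) continue;
    const entry = byScript.get(r.script) ||
      { script: r.script, actions: new Set(), offSiteTargets: new Set() };
    entry.actions.add(r.action);
    // For link actions, note destinations that leave the site.
    if (r.href) {
      const target = new URL(r.href, siteUrl).hostname;
      if (!isSameSite(siteHost, target)) entry.offSiteTargets.add(target);
    }
    byScript.set(r.script, entry);
  }
  return [...byScript.values()].map((e) => ({
    script: e.script,
    actions: [...e.actions].sort(),
    offSiteTargets: [...e.offSiteTargets].sort(),
  }));
}

// Constructed sample records for a hypothetical site; not real data.
const SAMPLE = [
  { action: 'add-click-handler', script: 'https://www.example.test/js/menu.js' },
  { action: 'modify-href', script: 'https://cdn.widgets.invalid/w.js', href: 'https://ads.invalid/r?x=1' },
  { action: 'add-click-handler', script: 'https://cdn.widgets.invalid/w.js' },
  { action: 'create-link', script: 'https://static.example.test/app.js', href: '/pricing' },
  { action: 'create-link', script: 'https://tracker.invalid/t.js', href: '/about' },
  { action: 'modify-href', script: null, href: 'https://partner.invalid/' },
];

console.log(JSON.stringify(findThirdPartyInterceptions('https://www.example.test/', SAMPLE), null, 2));
```

In this sample, only the two scripts served from other hosts are reported, and only the one that rewrote a link to another host has an off-site target listed.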