bill-swift - June 30, 2012
There's just something about sites that offer free online games that I don't trust. Maybe they seem so untrustworthy because some scammers have tried planting Trojans on these sites or have compromised some to turn them into botnets.
Another such site to cross off your list of online gaming sites is Ibibo. The site looks decent enough with its clean layout and unintrusive-looking ads, but security expert Prakhar Prasad has issued a warning against accessing the site because of a potentially dangerous clickjacking vulnerability.
In his post, Prasad goes into detail about clickjacking and why Ibibo's site is vulnerable to it.
I noticed that the site does not use the X-FRAME-OPTIONS header to prevent framing of important pages which can be used to click-jack users of ibibo.com to perform different kinds of action on behalf of them.
-- Prakhar Prasad, security expert
To prove his point, Prasad demonstrates how an exploit would work on Ibibo and records it to show just how clickjackers could take advantage of the vulnerability.
Prasad ends his post by calling on Ibibo to restrict framing of their crucial pages by using the X-FRAME-OPTIONS HTTP header. He also calls on users to avoid clicking on any suspicious or unverified links on web pages and to install the NoScript Firefox Add-on to protect against any clickjacking or likejacking attacks.
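As an added illustration (not code from Prasad's post or from Ibibo), the Node.js function below audits a response's headers for the framing restriction Prasad asks for. It goes beyond the post by also recognising the Content-Security-Policy frame-ancestors directive, the newer equivalent of X-Frame-Options; the function name and the sample headers are made up for this example.

```javascript
// Added example. Returns { protected, via, detail } for a response's headers.
function framingProtection(headers) {
  // HTTP header names are case-insensitive; normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // 1. CSP frame-ancestors: browsers that support it use it instead of
  //    X-Frame-Options when both are present. Only the wildcard (or an
  //    empty list) is flagged here; broad scheme sources are not analysed.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const open = sources.length === 0 || sources.includes('*');
    return { protected: !open, via: 'csp', detail: sources.join(' ') || '(empty)' };
  }

  // 2. X-Frame-Options: only DENY and SAMEORIGIN are honoured by current
  //    browsers. ALLOW-FROM is obsolete, and repeated headers arrive
  //    comma-joined, so conflicting values are flagged for review.
  const xfo = h['x-frame-options'];
  if (xfo === undefined) {
    return { protected: false, via: 'none', detail: 'no framing header' };
  }
  const values = [...new Set(xfo.split(',').map((v) => v.trim().toLowerCase()))];
  const ok = values.length === 1 && ['deny', 'sameorigin'].includes(values[0]);
  return { protected: ok, via: 'x-frame-options', detail: values.join(', ') };
}

// Constructed sample responses (not captured from any real site).
const samples = {
  'no framing header': { 'Content-Type': 'text/html' },
  'XFO deny': { 'X-Frame-Options': 'DENY' },
  'XFO sent twice': { 'X-Frame-Options': 'SAMEORIGIN, SAMEORIGIN' },
  'XFO obsolete value': { 'X-Frame-Options': 'ALLOW-FROM https://example.com' },
  'CSP wildcard beside XFO': {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "default-src 'self'; frame-ancestors *",
  },
  'CSP none': { 'Content-Security-Policy': "frame-ancestors 'none'" },
};
for (const [label, hdrs] of Object.entries(samples)) {
  const r = framingProtection(hdrs);
  console.log(`${label}: ${r.protected ? 'OK' : 'FRAMEABLE'} (${r.via}: ${r.detail})`);
}
```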