Hold Your Clicks: Clickjacking Scam Discovered on the Ibibo Gaming Site

Gallery Icon

bill-swift - June 30, 2012

There's just something about sites that offer free online games that I don't trust. Maybe it's because some scammers have tried planting Trojans on these sites or compromised some to turn them into botnets that make them seem so untrustworthy.

Another such site to cross off your list of online gaming sites is Ibibo. The site looks decent enough with its clean layout and unintrusive-looking ads, but security expert Prakhar Prasad has issued a warning against accessing the site because of a potentially dangerous clickjacking vulnerability.

In his post, Prasad goes into detail about clickjacking and why Ibibo's site is vulnerable to it.

I noticed that the site does not use the X-FRAME-OPTIONS header to prevent framing of important pages which can be used to click-jack users of to perform different kinds of action on behalf of them.

-- Prakhar Prasad, security expert

To prove his point, Prasad demonstrates how an exploit would work on Ibibo and recorded it to show just how clickjackers could take advantage of the vulnerability.

Prasad ends his post by calling on Ibibo to restrict framing of their crucial pages by using the X-FRAME-OPTIONS HTTP header. He also calls on users to avoid clicking on any suspicious or unverified links on web pages and to install the NoScript Firefox Add-on to protect against any clickjacking or likejacking attacks.

Tagged in: gear ,

Disclaimer: All rights reserved for writing and editorial content. No rights or credit claimed for any images featured on unless stated. If you own rights to any of the images because YOU ARE THE PHOTOGRAPHER and do not wish them to appear here, please contact us info(@) and they will be promptly removed. If you are a representative of the photographer, provide signed documentation in your query that you are acting on that individual's legal copyright holder status.