Slashdot Mirror


Attackers Abuse Legitimate EU Cookie Law Notices In Clickjacking Campaign (malwarebytes.org)

An anonymous reader writes: Hackers have set up a clever new clickjacking campaign taking advantage of pop-up alerts that European users are (by now) accustomed to seeing: the "EU Cookie Law" notifications. The criminals are placing a legitimate ad banner on top of the warning message via an iframe. The trick is to make the ad invisible by setting its opacity to zero. So, each time a user clicks anywhere on the legitimate message, he or she clicks also on the hidden ad.
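The overlay described in the summary can be recognized from computed styles and element geometry alone. The following detection sketch is an added example, not code from the Slashdot post or the linked Malwarebytes article. All function and field names are hypothetical, the sample page is constructed, and comparing raw z-index values is a simplification that ignores CSS stacking contexts.

```javascript
// Flags iframes that are (nearly) invisible yet stacked over a visible element.

// Fraction of rect `a` covered by rect `b`; rects are {x, y, w, h} in CSS pixels.
function overlapRatio(a, b) {
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  if (w <= 0 || h <= 0 || a.w * a.h === 0) return 0;
  return (w * h) / (a.w * a.h);
}

// elements: [{id, tag, opacity, pointerEvents, zIndex, rect}] (hypothetical shape).
// Returns one finding per hidden frame that covers a visible target.
function findHiddenOverlays(elements, { maxOpacity = 0.1, minCover = 0.5 } = {}) {
  // A frame with pointer-events: none cannot receive the click, so it is skipped.
  const frames = elements.filter(e =>
    e.tag === "iframe" && e.opacity <= maxOpacity && e.pointerEvents !== "none");
  const targets = elements.filter(e => e.tag !== "iframe" && e.opacity > maxOpacity);
  const findings = [];
  for (const f of frames) {
    for (const t of targets) {
      const ratio = overlapRatio(t.rect, f.rect);
      if (ratio >= minCover && f.zIndex >= t.zIndex) {
        findings.push({ frame: f.id, covers: t.id, ratio });
      }
    }
  }
  return findings;
}

// In a browser the descriptors would come from getComputedStyle() and
// getBoundingClientRect(); the selector is an assumption. Not called under Node.
function snapshot(doc) {
  return [...doc.querySelectorAll("iframe, button, a, [role=dialog]")].map(el => {
    const cs = getComputedStyle(el), r = el.getBoundingClientRect();
    return { id: el.id || el.tagName, tag: el.tagName.toLowerCase(),
             opacity: parseFloat(cs.opacity), pointerEvents: cs.pointerEvents,
             zIndex: parseInt(cs.zIndex, 10) || 0,
             rect: { x: r.x, y: r.y, w: r.width, h: r.height } };
  });
}

// Constructed sample page: a cookie notice, its button, and two iframes.
const el = (id, tag, opacity, zIndex, x, y, w, h) =>
  ({ id, tag, opacity, pointerEvents: "auto", zIndex, rect: { x, y, w, h } });
const samplePage = [
  el("cookie-notice", "div", 1, 100, 0, 500, 800, 100),
  el("accept-btn", "button", 1, 100, 650, 530, 100, 40),
  el("hidden-ad", "iframe", 0, 999, 0, 500, 800, 100), // opacity 0, on top of the notice
  el("visible-ad", "iframe", 1, 1, 0, 0, 300, 250),    // ordinary visible ad slot
];
```

On the constructed page, `findHiddenOverlays(samplePage)` reports the zero-opacity frame twice, once for the notice and once for its button, and ignores the visible ad slot.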

3 of 84 comments

  1. NoScript or hosts: take your pick by tepples · Score: 3, Informative

    Services such as ClarityRay defeat your blocking.

    But there are two ways around ClarityRay: either block access to the servers that serve these scripts or block the browser from executing any scripts. Sites are unlikely to hide text from no-script users because that also hides text from search engines.

    1. Re:NoScript or hosts: take your pick by Jahta · Score: 5, Informative

      What's Clarity Ray?

      Honestly, I have no idea why people accept sites should by default be allowed to run scripts, or the 15 sites they cross link to should run scripts just because you loaded the page.

      And, FYI, I've seen an increasing number of sites which render their content with JavaScript, and you only see a blank page without it. Of course, if you know how to view the page source and don't much care about the formatting the text is usually right there.

      Me, I'd just as soon punch the average web site administrator in the nose as assume I have any reason to allow them to run scripts. My default position on scripts is "piss off", and I'll enable them if I think I care or trust you. But your third parties? They can always piss off.

      ClarityRay is an Israeli "ad security" company, acquired by Yahoo last year - ClarityRay Battles Ad Blockers With $500K In Funding. Fun quote from TFA - “We believe ad-blocking today is a lot like how pirate MP3s were before iTunes: they point to a valid consumer need, but do so in an unsustainable manner business wise,” says co-founder and CEO Ido Yablonka. Though if you are also running NoScript it's hard to see how they can do anything meaningful.

      And you are spot on about the whole transitive trust aspect. Just because I may trust "site x" that doesn't mean that I trust the dozen other sites "site x" has partnered with who are trying to send me ads and scripts.

  2. Re:ABP? by Z00L00K · Score: 3, Informative

    If the ad detection filter can catch it then the invisible ad will be stopped.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.