Attackers Abuse Legitimate EU Cookie Law Notices In Clickjacking Campaign

An anonymous reader writes: Hackers have set up a clever new clickjacking campaign taking advantage of pop-up alerts that European users are (by now) accustomed to see: the "EU Cookie Law" notifications. The criminals are placing a legitimate ad banner on top of the warning message via an iframe. The trick is to make the ad invisible by setting its opacity to zero. So, each time a user clicks anywhere on the legitimate message, he or she clicks also on the hidden ad.

Block 'em all.

Blockity blockity blockity. When the advertisers clean their own house, then I'll stop blocking them.

I'm not holding my breath here.

AC

Re:NoScript or hosts: take your pick

[gstoddart]

What's Clarity Ray?

Honestly, I have no idea why people accept sites should by default be allowed to run scripts, or the 15 sites they cross link to should run scripts just because you loaded the page.

And, FYI, I've seen an increasing number of sites which render their content with javscript, and you only see a blank page without it. Of course, if you know how to view the page source and don't much care about the formatting the text is usually right there.

Me, I'd just as soon punch the average web site administrator in the nose as assume I have any reason to allow them to run scripts. My default position on scripts is "piss off", and I'll enable them if I think I care or trust you. But your third parties? They can always piss off.