A New Attack on Websites - Clickjacking
With clickjacking, the attacker overlays invisible malicious content on a page so that when the user clicks a link, they are actually clicking a URL under the attacker's control. In the banner-ad variant, attackers chain multiple redirects through a series of banner ads, eventually directing users to a site hosting malware, which is automatically installed on the user's computer. This attack is possible because the primary (first-redirect) banner ads are benign and draw no attention when placed on leading search engines and popular sites.
Clickjacking is the term given last September to a new class of browser-based attacks that trick users into clicking on site buttons or Web forms. Such attacks essentially hide malicious actions under the cover of a legitimate site, and theoretically can be used to empty online bank accounts, secretly turn on Web cameras or even change a computer's security settings to make it vulnerable to additional attack.
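Clickjacking that relies on framing a legitimate page is blocked when the page's response forbids framing by other origins. The check below is an added example, not part of the original post; it assumes the standard `Content-Security-Policy` `frame-ancestors` directive and `X-Frame-Options` header, the function names are hypothetical, and the sample responses are constructed.

```javascript
// Added example. Header and directive names are the standard ones;
// the sample responses at the bottom are constructed for illustration.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map((s) => s.toLowerCase());
  }
  return null;
}

// Classify a response as 'protected', 'allowlist' or 'unprotected'.
function framingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Only the enforcing CSP header counts; the Report-Only variant blocks nothing.
  const fa = frameAncestors(h['content-security-policy'] || '');
  if (fa !== null) {
    // A wildcard or a bare scheme such as "https:" lets any site frame the page.
    if (fa.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) {
      return { verdict: 'unprotected', reason: 'frame-ancestors allows any origin' };
    }
    // An empty list behaves like 'none'; 'self' limits framing to the same origin.
    if (fa.every((s) => s === "'none'" || s === "'self'")) {
      return { verdict: 'protected', reason: 'frame-ancestors ' + (fa.join(' ') || "'none'") };
    }
    return { verdict: 'allowlist', reason: 'frame-ancestors ' + fa.join(' ') };
  }

  // Fall back to the older X-Frame-Options header.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { verdict: 'protected', reason: 'X-Frame-Options ' + xfo };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    return { verdict: 'unprotected', reason: 'ALLOW-FROM is obsolete and not honoured by current browsers' };
  }
  // Anything else is reported conservatively as unprotected.
  return { verdict: 'unprotected', reason: xfo ? 'unrecognised X-Frame-Options value' : 'no framing header' };
}

// Constructed sample responses.
console.log(framingProtection({ 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" }));
console.log(framingProtection({ 'X-Frame-Options': 'ALLOW-FROM https://partner.example' }));
console.log(framingProtection({ 'Content-Type': 'text/html' }));
```

An `allowlist` verdict means framing is limited to the listed origins, which should be reviewed by hand.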
- vinod's blog