Network-enabled applications are applications that use communication networks to share information between various devices, each of which might be operated by the same or a different user. Network-enabled applications include browser engines, messaging interfaces, e-mail tools, remote desktops, and the like, which allow users to easily browse, select, and manipulate the items being viewed. The network-enabled application receives one or more communications (such as code for instantiating webpages) from a service provider; the communication is often encoded in a language (such as the hypertext markup language, HTML) that describes the structure and functionality of the content received by the content user.
The communication (such as a received webpage) often includes information that is rendered using a graphics engine and displayed in the context of a graphical user interface (such as a windowed interface). Often, the user positions a cursor to click on form submission boxes and hyperlinks of the displayed graphical user interface. The cursor is normally implemented as a graphics object (such as a sprite) that is displayed as a top-level display object. Thus the cursor appears to float over lower portions (e.g., layers) of the graphics interface as it is moved across the display in response to user input commands (received from a mouse or trackball, for example).
However, malicious code that might be present in the network-enabled application (and/or in the computer upon which the network-enabled application is executing) can exploit the floating of the cursor over lower-level objects by hiding a relatively small and/or transparent, yet still clickable, element beneath it. For example, the malicious code can detect the position of the cursor. The malicious code is capable of positioning the hidden clicked-on element anywhere on the page, including directly over a button such as a play button.
When the user attempts to select a seemingly valid element (such as a hyperlink to a movie) by clicking on it, the hidden clicked-on element misdirects the selection (click) signal generated by the user and performs any action that is allowed in response to a user selection (including actions unintended by the user). This exploit of misdirecting a user selection signal is often referred to as “clickjacking,” a clickjacking attempt, a user interface (UI) redress attack, or UI redressing. The malicious code can then exploit the misdirected user selection signal by, for example, following a link included in the hidden clicked-on element, ostensibly for the purpose of making (e.g., illegal or unfair) use of the exploited information.
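The overlay mechanism described above can be modelled as a hit test over stacked display objects, and the same model yields a simple detection heuristic: the topmost object under the click point is effectively invisible while a visible object sits beneath it. The following is an added example, not code from the patent; the element layout, the field names, and the opacity and area thresholds are constructed assumptions.

```javascript
// Added example (not from the patent text): a minimal hit-test model of
// stacked display objects, used to flag a clickjacking-style overlay.
// Each element is a constructed record: id, bounding box, z-order, opacity.

const ELEMENTS = [ // constructed sample layout: a visible play button with a
                   // small, fully transparent element layered on top of it
  { id: "play-button", x: 100, y: 100, w: 80, h: 30, z: 1, opacity: 1.0 },
  { id: "hidden-link", x: 130, y: 110, w: 20, h: 10, z: 5, opacity: 0.0 },
];

function contains(el, px, py) {
  return px >= el.x && px < el.x + el.w && py >= el.y && py < el.y + el.h;
}

// All elements under the point, topmost (highest z-order) first.
function hitTest(elements, px, py) {
  return elements.filter(el => contains(el, px, py)).sort((a, b) => b.z - a.z);
}

// The element that actually receives the click is the topmost hit.
function clickTarget(elements, px, py) {
  const stack = hitTest(elements, px, py);
  return stack.length ? stack[0].id : null;
}

// Heuristic (assumed thresholds): an effectively invisible element, by
// near-zero opacity or tiny area, stacked above a visible one at the click
// point is the hidden-overlay pattern described in the text. Returns the
// intercepting and the intended element ids, or null when nothing is found.
function suspectedClickjack(elements, px, py, opts = {}) {
  const { minOpacity = 0.1, minArea = 400 } = opts;
  const stack = hitTest(elements, px, py);
  if (stack.length < 2) return null;
  const top = stack[0];
  const invisible = top.opacity < minOpacity || top.w * top.h < minArea;
  const below = stack.slice(1).find(el => el.opacity >= minOpacity);
  if (invisible && below) {
    return { intercepting: top.id, intended: below.id };
  }
  return null;
}
```

A click at (140, 115) lands on the transparent overlay rather than the play button the user sees, while a click at (105, 105), outside the overlay, reaches the button as intended.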