Saturday November 22, 2008 9:43 AM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Application Flaws > Flash attacks set off security alarms

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Summary for November 2008
MS08-069 – Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) - Version:1.0

CERT/CC

Latest Comments

"when i login to face book it tells me i am cookies enabled what does this mean"

on Ads on Facebook serving up adware

by celeste | Nov 21, 2008 5:15 PM

"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."

on Yahoo and Microsoft take aim at lottery scams

by Rodney Churchyard | Nov 20, 2008 6:13 PM

"security through obscurity...shows how detached HIPAA is from reality."

on Privacy breaches causing business instability

by priceOfFishInChina | Nov 20, 2008 1:19 PM

"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."

on Shavlik Technologies to broaden its patch management offerings

by eric | Nov 20, 2008 8:15 AM

"it's great i tried it"

on McAfee offers free trial of security appliance

by divyacharan | Nov 20, 2008 12:24 AM

Application Flaws

Flash attacks set off security alarms

Several major security companies are warning of a new attack using infected Flash SWF files.

Researchers at Symantec, McAfee and Sans have urged users and administrators to defend against the exploit, which has been found on several Chinese-language sites.

The attack is also being served through as many as 250,000 compromised web pages.

Symantec researchers believe that the pages were hacked through SQL injection scripts, a technique which has been popular in several recent mass-hack incidents.

McAfee researcher Craig Schmugar agreed that the new attack has a familiar feel. "By looking for sites serving these SWF exploits we have found a connection with recent mass hacks," he said.

"Hacked sites reference an external script, just as they have for quite some time. But the external scripts now reference an SWF file."

The compromised pages contain JavaScript code which silently redirects users to the attack site.

Sans researcher Adrien de Beaupre said that at least one of the sites disguises the attack as a .jpg file. The file contains no image, but loads a script which runs the attack and attempts to install a malicious payload.

Symantec said that the attack appears to be occurring on fully patched machines. The company said that it is working with Adobe on the incident.

Users are advised to disable the Flash plug-in on their browsers or limit its use to trusted sites.

Symantec recommends that users install a script-blocking browser plug-in to prevent untrusted sites from running the attack scripts.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Flash attacks set off security alarms

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management