http://blogs.zdnet.c...ecurity/?p=1733
Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks. In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.
According to victims on several Web forums,the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.
Here is a Mac OS X user explaining the attack
The 5th post on this MSNBC.com forum shows what happens when a victim is tricked into pasting — and spamming — the malicious link to help spread the rogue security software.
Security researcher Aviv Raff has created a proof-of-concept demo to show how easy it is to use Flash with ActionScript code to load (persistently) a malicious URL into a target clipboard. (BEWARE: If you click on the demo link, your clipboard is automatically hijacked and will only be released if the browser window is closed).
____________________________________
I tried this on FF 1.5 and it doesnt work!! (Even with scripts enabled) (I havent tried it on IE7 yet)
And i wanna goto MY computer and try it with IE6/MyIE2 also...
0
2 replies to this topic
#2
-
- Moderators
-
- 9,039 posts
TMN Seasoned Veteran
- Location: In The Plex
Posted 21 August 2008 - 04:02 AM
The mac link is from 2005, and doesn't declare the actual issue.
#3
-
- Members
-
- 315 posts
An Awesome Dude
Posted 21 August 2008 - 11:59 PM
It works on my Win98se here using MyIE2 (If i disable flash in MyIE2 though it of course doesnt (The flash on the XP is all screwed up))
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
