Flash attacks set off security alarms

By

Infected Flash SWF files causing havoc.


Several major security companies are warning of a new attack using infected Flash SWF files.

Researchers at Symantec, McAfee and Sans have urged users and administrators to defend against the exploit, which has been found on several Chinese-language sites.

The attack is also being served through as many as 250,000 compromised web pages.

Symantec researchers believe that the pages were hacked through SQL injection scripts, a technique which has been popular in several recent mass-hack incidents.

McAfee researcher Craig Schmugar agreed that the new attack has a familiar feel. "By looking for sites serving these SWF exploits we have found a connection with recent mass hacks," he said.

"Hacked sites reference an external script, just as they have for quite some time. But the external scripts now reference an SWF file."

The compromised pages contain JavaScript code which silently redirects users to the attack site.

Sans researcher Adrien de Beaupre said that at least one of the sites disguises the attack as a .jpg file. The file contains no image, but loads a script which runs the attack and attempts to install a malicious payload.

Symantec said that the attack appears to be occurring on fully patched machines. The company said that it is working with Adobe on the incident.

Users are advised to disable the Flash plug-in on their browsers or limit its use to trusted sites.

Symantec recommends that users install a script-blocking browser plug-in to prevent untrusted sites from running the attack scripts.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?