Researchers at Symantec, McAfee and Sans have urged users and administrators to defend against the exploit, which has been found on several Chinese-language sites.
The attack is also being served through as many as 250,000 compromised web pages.
Symantec researchers believe that the pages were hacked through SQL injection scripts, a technique which has been popular in several recent mass-hack incidents.
McAfee researcher Craig Schmugar agreed that the new attack has a familiar feel. "By looking for sites serving these SWF exploits we have found a connection with recent mass hacks," he said.
"Hacked sites reference an external script, just as they have for quite some time. But the external scripts now reference an SWF file."
Sans researcher Adrien de Beaupre said that at least one of the sites disguises the attack as a .jpg file. The file contains no image, but loads a script which runs the attack and attempts to install a malicious payload.
Symantec said that the attack appears to be occurring on fully patched machines. The company said that it is working with Adobe on the incident.
Users are advised to disable the Flash plug-in on their browsers or limit its use to trusted sites.
Symantec recommends that users install a script-blocking browser plug-in to prevent untrusted sites from running the attack scripts.
Flash attacks set off security alarms
By Shaun Nichols on May 29, 2008 12:07PM