Adobe Flash ads launching clipboard hijack attack

Summary:Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine's clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

Clipboard hijack
Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.

In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine's clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites -- including Newsweek, Digg and MSNBC.com.

Here is a Mac OS X user explaining the attack:

This has happened to me twice now, on two separate computers at work. My clipboard has been hijacked with this:

[ malicious URL deleted ]

And once it's in the clipboard, I can't copy anything else over it until I've restarted the machine.

I'm only going to websites that are directly linked off the main page of digg.com, so they're not obscure, and I'm surfing in firefox, though the system wide clipboard is getting taken over, so I can't even copy something over that from a program like TextEdit.

The 5th post on this MSNBC.com forum shows what happens when a victim is tricked into pasting -- and spamming -- the malicious link to help spread the rogue security software.

Security researcher Aviv Raff has created a proof-of-concept demo to show how easy it is to use Flash with ActionScript code to load (persistently) a malicious URL into a target clipboard.   (BEWARE: If you click on the demo link, your clipboard is automatically hijacked and will only be released if the browser window is closed).

Topics: Security, Enterprise Software

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.