Adobe Flash ads launching clipboard hijack attack


Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.

In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine's clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites -- including Newsweek, Digg and MSNBC.com.

Here is a Mac OS X user explaining the attack:

This has happened to me twice now, on two separate computers at work. My clipboard has been hijacked with this:

[ malicious URL deleted ]

And once it's in the clipboard, I can't copy anything else over it until I've restarted the machine.

I'm only going to websites that are directly linked off the main page of digg.com, so they're not obscure, and I'm surfing in Firefox, though the system-wide clipboard is getting taken over, so I can't even copy something over that from a program like TextEdit.

The 5th post on this MSNBC.com forum shows what happens when a victim is tricked into pasting -- and spamming -- the malicious link to help spread the rogue security software.

Security researcher Aviv Raff has created a proof-of-concept demo to show how easy it is to use Flash with ActionScript code to load (persistently) a malicious URL into a target clipboard. (BEWARE: If you click on the demo link, your clipboard is automatically hijacked and will only be released if the browser window is closed).


Talkback

60 comments
  • .....

    Well, good thing I have Ad Block, Flash Killer and Flash Block along with No Script installed! ]:)
    Linux User 147560
    • Indeed

      As do I, and I recommend it to everyone I do computer work for, whether they have Linux or Windows. All of the people I do Linux for listen to my advice, and will be safe, the people I do work for who continue to use Windows often don't take my advice, but that's fine, I'll be called back in to get their fat out of the fire again, and I always charge extra for working on Windows.
      tracy anne
  • woah

    Damn that sucks, Adobe needs to jump on this.
    ZenMasta
  • So much for "Linux == security"

    or "FireFox == security" for that matter.
    LBiege
    • re: So much for "Linux == security"

      or "FireFox == security" for that matter.

      I run both and I must say I clicked the link and my KDE clipboard was indeed hijacked. Fortunately I use the Linux (xpm?) clipboard, not the window manager clipboard. There's a difference.

      That being said, however, I also clicked on the malicious URL on the msnbc.com page and the only thing that happened to me (after some pretty scary animation showing all the Windows virii loaded on my Linux box) was I was asked to save a malicious .exe file.

      So, maybe Linux != security but also Linux > Security > Windows.

      :)
      none none
    • The same could be said of Vista's security

      or XP or Internet Explorer. So Vista is the most secure OS ever invented. Get real ,,,
      Intellihence
      • Actually

        It was demonstrated at the Black Hat conference in Las Vegas, this month, that Vista security is insignificantly better than XP security, that it's entirely possible to place arbitrary code anywhere in computer memory on a Vista machine, at the discretion of the malicious code writer.
        tracy anne
    • Linux is far, far more secure

      Uh, Firefox is 3 times more secure than Internet Explorer and Linux is far, far more secure than Windows could ever hope to be. It's funny how Windows users have to latch onto the littlest things to justify themselves yet continue to use the most vulnerable systems on the planet.
      drhowarddrfine
      • Fedora Linux infrastructure pwned!

        Fedora Linux infrastructure pwned:
        http://blogs.zdnet.com/security/?p=1725
        qmlscycrajg
        • Nope. Red Hat Enterprise had some files compromised. <nt>

          ?
          seanferd
      • Is it really more secure...

        Or just a smaller target?
        fondy
        • Oh it's more secure, but even a giant can be taken down...

          with a bad application. If the application has enough administrative control or can be crafted by malware to have administrative control; even Linux can be compromised.

          I'm not saying the cracker may own the machine, but he can own enough in the present session to do irreparable damage to you.

          Even in Windows one can do a lot to lower the risk by using tools like Secunia PSI that let you know when to rid your machine of end-of-life applications, dangerous left over files, and applications that need patched.

          I don't know if there is a Mac or Linux version, but there needs to be!
          JCitizen
          • And don't run as Administrator on any OS. :D

            Best protection can be defeated by the user if he does not set up properly. There is info out there for every OS to help you make it more secure.
            seanferd
          • For sure; For sure!!..(NT)

            nt
            JCitizen
    • Flash != Linux

      What does Flash have to do with Linux security? Flash is not part of the Linux kernel or the GNU operating system. Flash isn't even open source. I can write a bad application for my Linux system that will hose it. I can certainly write a C/C++ app for Linux that will also hijack the clipboard. That is not in any way indicative of a flaw in Linux; it is a matter of mis-use. I can mis-use a car and run down someone with it; is that a fault in the car's design?
      davidr69
  • RE: Adobe Flash ads launching clipboard hijack attack

    Whoa, another good reason I don't allow Flash in my Firefox browser. That's besides really annoying ads, especially the floating ones that step all over the page you asked for.
    What_the
  • NoScript: Thanks so much

    Once again, NoScript saves our collective keesters!

    Thanks for a great plug-in!
    oldbaritone
    • yep

      I recommend it to all my clients.
      tracy anne
    • it doesn't protect anything

      it just blocks you from playing a flash movie, just like disabling the plug-in. Once you unlock it because you want to see a movie, you're pwned!
      qmlscycrajg
      • It protects plenty

        So do you spend a lot of time allowing banner ads to play? According to the article, the attacks are from banner ads on respectable sites. If you want to see the flash movie on a page, you can temporarily allow it. None of the other scripts on the page will be allowed to run.
        cipherepoch