The Dude
08-21-2008, 03:18 AM
http://blogs.zdnet.com/security/?p=1733
Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards (http://en.wikipedia.org/wiki/Clipboard_%28software%29) for use in rogue security software attacks. In the Web attacks, which target Mac, Windows and Linux users (http://ubuntu-virginia.ubuntuforums.org/showthread.php?t=886905) running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.
According to victims on several Web forums,the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.
Here is a Mac OS X user explaining the attack (http://discussions.apple.com/thread.jspa?messageID=776884)
The 5th post on this MSNBC.com forum (http://boards.msn.com/MSNBCboards/thread.aspx?threadid=708752&boardsparam=Page%3D983) shows what happens when a victim is tricked into pasting — and spamming — the malicious link to help spread the rogue security software.
Security researcher Aviv Raff has created a proof-of-concept demo (http://raffon.net/research/flash/cb/test.html) to show how easy it is to use Flash with ActionScript code to load (persistently) a malicious URL into a target clipboard. (BEWARE: If you click on the demo link, your clipboard is automatically hijacked and will only be released if the browser window is closed).
____________________________________
I tried this on FF 1.5 and it doesnt work!! (Even with scripts enabled) (I havent tried it on IE7 yet)
And i wanna goto MY computer and try it with IE6/MyIE2 also...
EDIT:
It works on my Win98se here using MyIE2 (If i disable flash (or active x) in MyIE2 though it of course doesnt (The flash on the XP is all screwed up))
Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards (http://en.wikipedia.org/wiki/Clipboard_%28software%29) for use in rogue security software attacks. In the Web attacks, which target Mac, Windows and Linux users (http://ubuntu-virginia.ubuntuforums.org/showthread.php?t=886905) running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.
According to victims on several Web forums,the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.
Here is a Mac OS X user explaining the attack (http://discussions.apple.com/thread.jspa?messageID=776884)
The 5th post on this MSNBC.com forum (http://boards.msn.com/MSNBCboards/thread.aspx?threadid=708752&boardsparam=Page%3D983) shows what happens when a victim is tricked into pasting — and spamming — the malicious link to help spread the rogue security software.
Security researcher Aviv Raff has created a proof-of-concept demo (http://raffon.net/research/flash/cb/test.html) to show how easy it is to use Flash with ActionScript code to load (persistently) a malicious URL into a target clipboard. (BEWARE: If you click on the demo link, your clipboard is automatically hijacked and will only be released if the browser window is closed).
____________________________________
I tried this on FF 1.5 and it doesnt work!! (Even with scripts enabled) (I havent tried it on IE7 yet)
And i wanna goto MY computer and try it with IE6/MyIE2 also...
EDIT:
It works on my Win98se here using MyIE2 (If i disable flash (or active x) in MyIE2 though it of course doesnt (The flash on the XP is all screwed up))