Adobe Flash Ads Launching Clipboard Hijack Attacks

bullyBEEF writes "Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks. In the Web attacks, which affect Mac, Windows, and Linux users running Firefox, IE, and Safari, bad guys are seizing control of the machine's clipboard (probably using the Flash command setClipboard) and inserting a hard-to-delete URL that points to a fake anti-virus program. A number of legitimate sites have been seen to host ads carrying the attack — including Newsweek, Digg, and MSNBC.com. Researcher Aviv Raff offers a harmless demo of how it's done."

Re:confirmed on mac os x 10.5.4

[fermion]

Honestly, when Apple put out Safari without a built in flash blocker, it spelt the beginning of the end. Apple now, like MS, treats users as a means to generate a long term profit stream, not like a customer who paid a huge amount of money for a machine and expects to be treated as a customer.

Fortunately there is camino. Unfortunately most people don't use it. Flash is really enemy #1 in terms of security, and it would be nice if Adobe would build in a mandatory stop/start button into the specification. Fortunately, there is still no flash on the iPhone, and if we are lucky there never will be.