Slashdot Mirror
Adobe Flash Ads Launching Clipboard Hijack Attacks
bullyBEEF writes "Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks. In the Web attacks, which affect Mac, Windows, and Linux users running Firefox, IE, and Safari, bad guys are seizing control of the machine's clipboard (probably using the Flash command setClipboard) and inserting a hard-to-delete URL that points to a fake anti-virus program. A number of legitimate sites have been seen to host ads carrying the attack — including Newsweek, Digg, and MSNBC.com. Researcher Aviv Raff offers a harmless demo of how it's done."
"Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards..."
booby flash?
confirmed on mac os x 10.5.4
I'm sorry, but you're using a Mac and anything like this is completely impossible. Why do you hate Mac users, that you would say such a disturbing thing? You are mean.
Don't disappoint your bird dog. Go to the range.
You have problems....
This is /., where over-engineering would be considered a virtue if laziness hadn't won out.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
"a PC with 6GB of RAM for $999? Really? That's funny"
That's not funny. Funny would involve the computer coming from a man walking into a bar after crossing the road on a chicken, or asking many of those 6gigs of RAM it would take to change a lightbulb. There's no chickens involved here, and definitely no light bulb. I deduce that you're using sarcasm, maybe to convey the idea that you don't believe you can get a computer out of 'em with 6gig RAM... am I right?
The revolution will not be televised... but it will have a page on Wikipedia
Now we know why the iPhone has no copy/paste support. It's a security issue!
Its about time they start making software that runs on Linux too.
You have to develop flash?, I feel sorry for you
So now it seems that Linux's nonintegrated multiple clipboards and their UIs (Ctrl-c, and select/middle-click) are a security feature, not a bug.
--
make install -not war
I got hit with this last night and it was a bitch trying to figure out what it was. I literally spent hours trying to find what had hijacked my computer. I finally said screw it and reinstalled Linux, because the only game I play regularly can be loaded in Wine.
"Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
I just use SWFDec. It avoids the Flash problem by failing to play about 50% of the stuff out there.
The demo hijack page doesn't work, either. Surprise!
Just kidding. I like SWFDec much better than Flash + nspluginwrapper on my 64-bit Lenny.
Put identity in the browser.
I often hear people on Slashdot claiming that Flash is safe
Well sir you must view /. at a much lower threshold then I do!
On the Oregon Cost born and raised, On the beach is where I spent most of my days
Congratulations, you're vulnerable to all the holes fixed between Firefox 2.0.0.14 and Firefox 2.0.0.16 and many of the holes fixed between Flash 7 and Flash 9 instead.
That domain now points to Whitehouse.gov
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23