http://blogs.zdnet.com/security/?p=1733Malicious hackers are using booby-trapped Flash banner ads to hijack
clipboards for use in rogue security software attacks. In the Web attacks, which target Mac, Windows
and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.
According to victims on several Web forums,the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.
Here is a Mac OS X user
explaining the attackThe 5th post on this
MSNBC.com forum shows what happens when a victim is tricked into pasting — and spamming — the malicious link to help spread the rogue security software.
Security researcher Aviv Raff has created a
proof-of-concept demo to show how easy it is to use Flash with ActionScript code to load (persistently) a malicious URL into a target clipboard. (
BEWARE: If you click on the demo link, your clipboard is automatically hijacked and will only be released if the browser window is closed).
____________________________________
I tried this on FF 1.5 and it doesnt work!! (Even with scripts enabled) (I havent tried it on IE7 yet)
And i wanna goto MY computer and try it with IE6/MyIE2 also...
Author
Print
Advanced search
