An Adobe Flash vulnerability that was fixed this week is being exploited in targeted drive-by downloads and spear phishing attacks.
Researchers at the all-volunteer Shadowserver Foundation first learned of the exploits on June 9, five days before Adobe issued a patch for the flaw.
"Virtually out of nowhere this just popped up," Shadowserver researcher Steven Adair said. "It has rapidly seemed to have made its way around."
The exploit has been embedded on a number of legitimate websites, including ones belonging to a Korean news outlet, a Taiwanese university, an Indian government agency, aerospace companies and various "non-government organisations," Adair said.
Users can be infected simply by visiting one of these compromised sites if they are running an out-of-date version of Flash on a Windows machine.
The exploit also is spreading via spear phishing emails that contain lures attempting to persuade recipients to click on a malicious link that leads to a hacker-owned website hosting the exploit, Adair said.
The US-Taiwan Business Council, which helps develop trade relationships between the two countries, is just one organization that has received the socially engineered messages.
Because the attackers spreading this exploit seem to be picking on specific targets and are using customized payloads that are difficult to detect, they don't appear to be indiscriminate criminals, Adair said.
"It's looking more like APT (advanced persistent threat) activity," he said. "It doesn't look like they are mass blasting."
Adair said Flash attacks have been quite prevalent in recent months.
"What makes [this exploit] especially bad is it doesn't result in any crash," he said. "It all happens in the background. You can go about your business without seeing it happen."
An Adobe spokeswoman said the company is aware of the attacks underway.
"The only information we can provide is that there are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious web pages," the company said. "We cannot disclose any specific information about customers targeted."
This article originally appeared at scmagazineus.com