In association with heise online

28 May 2008, 10:47

Critical vulnerability in Flash Player being actively exploited

Symantec has warned of a security hole in Adobe's Flash Player that is already being exploited by web sites to install trojans onto users' computers. Adobe is still analysing the bug and has not yet been able to release an update.

According to Symantec, Chinese servers are currently serving code which exploits this security vulnerability. They cite the domains wuqing17173.cn and woai117.cn. The Internet Storm Center has also found exploit code on play0nlnie.com. The code can be called by injected links on compromised web sites, using IFrames to inject trojans onto victims' computers. Using a Google search, Symantec has already identified more than 20,000 hacked websites linking to woai117.cn alone.

The malicious code only appears to be attacking Windows at present. ISC reports that it downloads the files ax.exe and setip.exe. However, the vulnerability probably affects Flash Player for other operating systems as well. It is therefore likely to be just a question of time before malware coders are distributing malicious code for Linux and Mac OS X.

Until Adobe releases an update for the vulnerable versions up to and including 9.0.124.0, users should take their own precautions against malicious .swf files. Network administrators should block access to identified malicious domains at the gateway. The Firefox add-ons Flashblock and NoScript replace Flash objects embedded in web sites with placeholders and only load the objects when instructed to do so by the user.

For Internet Explorer users, uninstalling Flash Player is the best remedy. Adobe offers a standalone uninstaller to remove the program. According to Symantec, setting the kill bit for ClassID d27cdb6e-ae6d-11cf-96b8-444553540000 until an update is available will also help to protect against attacks. Alternatively, IE users can block execution of Flash objects and confine the browser to a sandbox using the c't IE Controller (German language page), which should also work for English language users.
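
How the kill bit mentioned above can be inspected, set and later cleared, as an added example that is not from the article, Symantec or Adobe. The registry location, the `Compatibility Flags` value name and the 0x400 flag are Microsoft's documented kill-bit mechanism rather than details given in the article; the function names are this example's own.

```powershell
# Added example: inspect, set or clear the IE kill bit for the Flash Player ActiveX control.
# Setting or clearing needs an elevated (administrator) PowerShell session.
$FlashClsid = '{d27cdb6e-ae6d-11cf-96b8-444553540000}'  # ClassID quoted in the article
$FlagName   = 'Compatibility Flags'                      # standard IE value name (not from the article)
$KillBit    = 0x400                                      # standard kill-bit flag (not from the article)

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both where present.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path $_ }

function Get-FlashFlags([string]$Key) {
    # Returns the current flags DWORD, or 0 when the key or value is absent.
    if (-not (Test-Path $Key)) { return 0 }
    $prop = Get-ItemProperty -Path $Key -Name $FlagName -ErrorAction SilentlyContinue
    if ($prop) { return [int]$prop.$FlagName }
    return 0
}

function Get-FlashKillBit {
    # Reports, per registry view, whether IE is currently blocked from loading the control.
    foreach ($root in $Roots) {
        $key   = Join-Path $root $FlashClsid
        $flags = Get-FlashFlags $key
        New-Object PSObject -Property @{
            Key        = $key
            Flags      = '0x{0:X}' -f $flags
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-FlashKillBit([switch]$Clear) {
    foreach ($root in $Roots) {
        $key = Join-Path $root $FlashClsid
        if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
        # Change only the kill bit; any other compatibility flags are preserved.
        $flags = Get-FlashFlags $key
        if ($Clear) { $flags = $flags -band (-bnot $KillBit) } else { $flags = $flags -bor $KillBit }
        Set-ItemProperty -Path $key -Name $FlagName -Value $flags -Type DWord
    }
    Get-FlashKillBit
}

Get-FlashKillBit | Format-List   # read-only report of the current state
# Set-FlashKillBit               # block the control until the update is available
# Set-FlashKillBit -Clear        # re-enable it once the patched player is installed
```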

(mba)

Permalink: http://h-online.com/-735317