Author Topic: Adobe Flash zero-day exploit in the wild *Updated*  (Read 10485 times)

0 Members and 1 Guest are viewing this topic.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Adobe Flash zero-day exploit in the wild *Updated*
« on: May 28, 2008, 12:05:11 AM »
Malware hunters have spotted a previously unknown — and unpatched — Adobe Flash vulnerability being exploited in the wild.


http://blogs.zdnet.com/security/?p=1189&tag=nl.e589

Be careful out there
« Last Edit: May 29, 2008, 07:41:04 PM by marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re: Adobe Flash zero-day exploit in the wild
« Reply #1 on: May 28, 2008, 12:21:01 AM »
Does avast protects against this one? ???
The best things in life are free.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Adobe Flash zero-day exploit in the wild
« Reply #2 on: May 28, 2008, 03:08:25 AM »
Does avast protects against this one? ???

A very good question Tech, Let's hope someone from Alwil can answer it.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!


kubecj

  • Guest
Re: Adobe Flash zero-day exploit in the wild
« Reply #4 on: May 28, 2008, 12:43:54 PM »
Added the detection to the internal test version, should be out today.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Adobe Flash zero-day exploit in the wild
« Reply #5 on: May 28, 2008, 03:39:25 PM »
Thanks kubecj.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33989
  • malware fighter
Re: Adobe Flash zero-day exploit in the wild
« Reply #6 on: May 28, 2008, 06:47:13 PM »
Hi malware fighters,

Here a list of sites to block:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080527

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Adobe Flash zero-day exploit in the wild
« Reply #7 on: May 28, 2008, 06:50:30 PM »
Thanks for the info polonus.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

CharleyO

  • Guest
Re: Adobe Flash zero-day exploit in the wild
« Reply #8 on: May 29, 2008, 04:21:39 AM »
***

Thanks for the link, Polonus.    :)


***

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Adobe Flash zero-day exploit in the wild
« Reply #9 on: May 29, 2008, 07:38:50 PM »
Update, it looks like the 9.0.124.0 plug-in version of flash player is immune to this attack. Make sure yours is up to date.


http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=spam__malware_and_vulnerabilities&articleId=9090218&taxonomyId=85
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33989
  • malware fighter
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #10 on: May 29, 2008, 08:45:24 PM »
Hi marc57,

Thanks for the heads up. I already have this latest version, and other are advised to do so without delay at: http://www.adobe.com/products/flashplayer/

Still 40% of all Windows users did not update, according to numbers from Online Software Inspector and Personal Software Inspector links: https://psi.secunia.com/ and http://secunia.com/software_inspector/
36% of PSI users did not update to the latest 9.0.124.0 version. If these are the numbers for security aware people, the numbers for unprotected and vulnerable common users must be many times higher.
However the users of Firefox with NoScript blocking must be considered as also secure,

polonus


« Last Edit: May 29, 2008, 08:47:09 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

drhayden1

  • Guest
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #11 on: May 29, 2008, 09:45:21 PM »

Security sites are warning of increased dangers of malformed Shockwave Flash (SWF) objects. I've read reports of possibly 250,000 web pages hosting this new exploit. It is important to move to the latest version of Flash if prompted or manually update if you are not on version 9.0.124.

Adobe test site which will show latest version (should be 9.0.124)
http://kb.adobe.com/selfservice/viewConten...rnalId=tn_15507

How to manually update if needed (be sure to uncheck Google Toolbar)
http://www.adobe.com/products/flashplayer/

AVERT reports that recent sites affected by mass hacking attacks are being redirected to load malicious SWF files. These exploits are being programmed for specific versions of Flash to broaden the scope of attacks. Finally, please see last AVERT link (05/28), as they are researching a new variant that might possibly exploit Flash where it is fully up-to-date (e.g., 9.0.124).

Adobe Flash Player Flaw - Massive Exploitation reported
http://www.frsirt.com/english/

QUOTE: Adobe Flash Player Flaw Massive Exploitation -- The Adobe Flash Player vulnerability which was disclosed this week by Symantec and believed to be unknown (zero-day) is a previously known issue that was patched with version 9.0.124.0. Multiple compromised web pages are currently exploiting this flaw and distributing malware.

ADDITIONAL LINKS
http://www.frsirt.com/english/advisories/2008/1158
http://isc.sans.org/diary.html?storyid=4474
http://secunia.com/advisories/30404/
http://www.securityfocus.com/bid/29386
http://www.avertlabs.com/research/blog/ind...exploit-update/

QUOTE: Here's a quick update to the earlier post on a new unpatched Adobe Flash vulnerability. Through looking for sites serving these SWF exploits we've found a connection with recent mass hacks. Hacked sites reference an external script, just as they have for quite some time. But, the external scripts now reference an SWF file.

New variants emerging - AVERT researching claims that currently patched systems may be vulnerable?
http://www.avertlabs.com/research/blog/ind...ploit-update-2/

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89417
  • No support PMs thanks
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #12 on: May 29, 2008, 10:23:40 PM »
Dan, when you are posting links many don't work.
e.g. all the ones with ... in the URL.

This is because where you are copying them from whatever source, they shorten the displayed URL using the .... in the displayed link, the underlying URL of the link you copy from should have the full path.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33989
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

kubecj

  • Guest
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #14 on: May 29, 2008, 11:45:55 PM »
Our detection in the last VPS should be very, very generic (I'm myself a bit afraid that it may sometimes FP on broken flash files), so avast users should be protected.

I'm not sure I understand the NoScript remark? The vulnerability is in Flash, the javascript around is just to hide the fact.