Adobe Flash Ads Launching Clipboard Hijack Attacks 353
bullyBEEF writes "Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks. In the Web attacks, which affect Mac, Windows, and Linux users running Firefox, IE, and Safari, bad guys are seizing control of the machine's clipboard (probably using the Flash command setClipboard) and inserting a hard-to-delete URL that points to a fake anti-virus program. A number of legitimate sites have been seen to host ads carrying the attack — including Newsweek, Digg, and MSNBC.com. Researcher Aviv Raff offers a harmless demo of how it's done."
what sort of flash? (Score:5, Funny)
"Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards..."
booby flash?
Re:confirmed on mac os x 10.5.4 (Score:5, Funny)
I'm sorry, but you're using a Mac and anything like this is completely impossible. Why do you hate Mac users, that you would say such a disturbing thing? You are mean.
Re:How to fix this: (Score:5, Funny)
Re:flashblock (Score:5, Funny)
Re:Write Filter = Best Antivirus (Score:3, Funny)
"a PC with 6GB of RAM for $999? Really? That's funny"
That's not funny. Funny would involve the computer coming from a man walking into a bar after crossing the road on a chicken, or asking many of those 6gigs of RAM it would take to change a lightbulb. There's no chickens involved here, and definitely no light bulb. I deduce that you're using sarcasm, maybe to convey the idea that you don't believe you can get a computer out of 'em with 6gig RAM... am I right?
iPhone (Score:2, Funny)
Now we know why the iPhone has no copy/paste support. It's a security issue!
Whew. (Score:4, Funny)
Its about time they start making software that runs on Linux too.
Re:How to fix this: (Score:2, Funny)
Secure Linux Clipboards (Score:4, Funny)
So now it seems that Linux's nonintegrated multiple clipboards and their UIs (Ctrl-c, and select/middle-click) are a security feature, not a bug.
And my wife said it was porn! (Score:2, Funny)
Re:Clicked on the flash area in NoScript in the de (Score:3, Funny)
The demo hijack page doesn't work, either. Surprise!
Just kidding. I like SWFDec much better than Flash + nspluginwrapper on my 64-bit Lenny.
Re:Clicked on the flash area in NoScript in the de (Score:5, Funny)
I often hear people on Slashdot claiming that Flash is safe
Well sir you must view /. at a much lower threshold then I do!
Re:Not affected it seems ... (Score:1, Funny)
Congratulations, you're vulnerable to all the holes fixed between Firefox 2.0.0.14 and Firefox 2.0.0.16 and many of the holes fixed between Flash 7 and Flash 9 instead.
Re:Opposite experience (Score:2, Funny)
That domain now points to Whitehouse.gov