Security The Internet

Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites

MojoKid writes Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.

  • Adblock, FTW (Score:5, Insightful)

    by Kiaser Zohsay ( 20134 ) on Wednesday January 28, 2015 @05:22PM (#48927949)

    Seriously, who even sees ads anymore?

    • Re: (Score:3, Interesting)

      YouTube just switched to HTML5 video by default, so perhaps we can uninstall Flash for good now!

    • by Anonymous Coward

      I do, I could turn on adblock at any time, but I really don't care. Most of the sites I visit I would like to give money to. Webcomics, slashdot, and so on. I have no problems with them having banners. Porn sites are an interesting breed though, maybe people should be firing up a web blocker before hitting up some of those sites, or sites that don't seem to filter their own ads.

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        or sites that don't seem to filter their own ads.

        Oh, you mean like Google Adsense? They've been known to run malicious ads on countless occasions.

    • Considering ad revenue is the biggest revenue stream for the internet, I'd say quite a lot of people.

    • Re:Adblock, FTW (Score:4, Informative)

      by hcs_$reboot ( 1536101 ) on Wednesday January 28, 2015 @11:52PM (#48929841)

      Seriously, who even sees ads anymore?

      People using iPhones and iPads.

      • by antdude ( 79039 )

        Aren't there ad blockers for iOS? I hate it when web sites don't work with ad blockers. :(

  • by GerbilSoft ( 761537 ) on Wednesday January 28, 2015 @05:23PM (#48927955)
    Selecting "automatically update" doesn't actually automatically update. It just causes it to complain that an update is available every time you reboot and/or log on.

    Maybe if Adobe fixed this, there wouldn't be so many successful Flash-based attacks.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      I totally agree. I solved this by disabling any Adobe stuff on any browser or platform or device.

      And when you go to update it, it takes you to a web page. If you're not paying attention, it will try to install other stuff like the useless McAfee. The Adobe web page downloads a shim installer - not the real thing. The shim installer downloads the real thing and then installs that...

      Do Adobe programmers smoke crack or something?

    • by jandrese ( 485 ) <kensama@vt.edu> on Wednesday January 28, 2015 @05:37PM (#48928041) Homepage Journal
      My favorite part is where the updater tells you that a new update is ready, but it won't install it automatically because Adobe needs another ad impression or something and you have to download and install it yourself. This is why I don't have Flash or Java installed anymore. I especially like when they try to sideload some crapware toolbar with their security update too. I can kind of understand this sort of behavior from a sketchy freeware app being hosted by J. Random Guy, but Oracle and Adobe are multimillion dollar corporations. Do they really care so little about their brand?
      • by tlhIngan ( 30335 )

        My favorite part is where the updater tells you that a new update is ready, but it won't install it automatically because Adobe needs another ad impression or something and you have to download and install it yourself. This is why I don't have Flash or Java installed anymore. I especially like when they try to sideload some crapware toolbar with their security update too. I can kind of understand this sort of behavior from a sketchy freeware app being hosted by J. Random Guy, but Oracle and Adobe are multim

      • My favorite part is where after every update it re-asks whether you want to auto-update.

    • I don't have this problem and yes I use a standard user account. Newer Flash in the last few years runs as a service so it can update.

    • by s.t.a.l.k.e.r._loner ( 2591761 ) on Wednesday January 28, 2015 @06:19PM (#48928313)
      Mandatory: http://xkcd.com/1197 [xkcd.com]
    • Selecting "automatically update" doesn't actually automatically update. It just causes it to complain that an update is available every time you reboot and/or log on.

      It is necessary to do it that way, otherwise they wouldn't get permission to install malware. Without that dialogue box the installed malware wouldn't be legit.

  • by SeaFox ( 739806 ) on Wednesday January 28, 2015 @05:23PM (#48927961)

    I block ads on ALL websites.

  • by Anonymous Coward

    And Pornhub displays a message saying:

    You have AdBlock enabled. Adblock is known to cause issues with site functionality. If you are experiencing any issues, please try disabling the extension.

    HAH!

  • by Anonymous Coward

    They're infecting our porn now? The bastards!

  • Something Suspicious (Score:5, Interesting)

    by Anonymous Coward on Wednesday January 28, 2015 @05:35PM (#48928033)

    ... About Adobe's plug-in.

    How come such a relatively simple file - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities? And not just bugs, but zero-day exploits too. Do I need a tinfoil hat? Or is it just a tad suspicious that this one product continues to have so many vulnerabilities found in it? After all this time. After all these previous bugs.

    Or is it the case that this is just yet another vector sponsored by the likes of the NSA or others, to infect machines of potential targets?

    This isn't an attempt to be flippant or to trash-talk Adobe. This is a serious question asked of a well-established software house and what must by now be one of the most heavily-scrutinised software packages in widespread use. Can anyone out there with specific knowledge of this product give us any insight as to why it is so regularly found to contain exploits? If we could look at the defect-per-thousand-lines-of-code, I am guessing that Adobe's products must be the worst in the industry... Can that really be the case?

    • by FreonTrip ( 694097 ) <freontrip AT gmail DOT com> on Wednesday January 28, 2015 @05:45PM (#48928103)
      It's a problem born from software bloat. It was originally intended to be a means of drawing vector graphics and simple animations, but there was a void in functionality in the days before PCs were fast enough to handle Javascript (or even had browsers that could cope with the highly abstracted pages written now). So more functionality was added, and with that came layer after layer of gooey, exploitable cruft. Now Flash doesn't just offer vector graphics. It's a multimedia environment with DRM, a method of offering rich internet applications, a video player, and a buttload more besides. All that bloat's been encouraged because Adobe wants Flash to be used by as many people as possible - it's publicly traded, you've got to show investors and stockholders where all that money's going - and we've now arrived at the point where it's a suppurating pile of vulnerabilities and patched-together functionality with legacy support, far more trouble than it's worth for most users.
      • So why don't they skip the middleman and write their own browser in Flash? See how well it worked for Java? :-)
        • Actually, there ARE browsers built on Flash. They've got an entire platform people can use should they care to. However, Adobe's revenue stream comes in mostly via the reseller market -- so they make more money off of things like ADS and being an ePub certificate authority -- hence, no reason for them to focus too much time/money on their actual products.

          I guess that's what you get for building with mud.

      • It's a problem born from software bloat. It was originally intended to be a means of drawing vector graphics and simple animations, but there was a void in functionality in the days before PCs were fast enough to handle Javascript (or even had browsers that could cope with the highly abstracted pages written now).

        Did you mean Java or JavaScript (*)? JavaScript of the time (late 90s) was too simplistic to be usable for serious client-side apps on its own, but I don't think it was especially slow. It was Java that was just too heavyweight for PCs of the time to handle; (**) and I think that explains *why* Flash succeeded.

        I've said it before, and I'll say it again [slashdot.org]- Flash basically snuck in via the back door to (eventually) end up filling almost the exact same role that Java Applets were supposed to meet (i.e. embedde

    • Security Issues (Score:5, Insightful)

      by TrollstonButterbeans ( 2914995 ) on Wednesday January 28, 2015 @05:52PM (#48928153)
      "How come such a relatively simple file - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities".

      Flash didn't start out as a media player, per se, but as an interactive presentation layer for animations, and for a while it imagined itself as a browser-independent, web-based user interface programming language.

      So it is a complex unwieldy beast.
    • How come such a relatively simple file - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities? And not just bugs, but zero-day exploits too. Do I need a tinfoil hat? Or is it just a tad suspicious that this one product continues to have so many vulnerabilities found in it? After all this time. After all these previous bugs.

      No, it's not suspicious, it's exactly what you would expect from corporate programmers in a system that wasn't designed with security in mind.

      When people try to make code secure, it's difficult. When people don't even try, it's impossible.

    • Google ran a massive fuzz testing effort against the plugin and found 400 unique looking crashes that were resolved by about 80 patches. Yeah, the quality isn't looking that great...
    • @Anonymous: "How come such a relatively simple file - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities? And not just bugs, but zero-day exploits too."

      These are not vulnerabilities in Adobe's plug-in, these are defects in the underlying platform, the name of which must never be mentioned on slashdot.
  • Which is why the Adobe Flash installer also includes McAfee anti-virus as a courtesy.
    • by FreonTrip ( 694097 ) <freontrip AT gmail DOT com> on Wednesday January 28, 2015 @05:47PM (#48928119)
      It's galling, isn't it? "We know our software's as safe on the unprotected web as a Craigslist hookup, so be sure to keep this software rubber handy." And it might not be so insulting if McAfee was good at anything besides eating hardware resources...
      • by Rich0 ( 548339 )

        And it might not be so insulting if McAfee was good at anything besides eating hardware resources...

        Oh, they're rather good at marketing and processing credit card payments too.

      • by ShaunC ( 203807 )

        Is there a preference or a killbit to block McAfee from hitching a ride? Java's installer lets you set a registry key to suppress the Ask.com toolbar offer from appearing, would be nice to see something similar for Flash.

  • Its target audience is all-encompassing: porn watchers. FTFY.
  • by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Wednesday January 28, 2015 @06:13PM (#48928273)

    So do action shots of me in my Captain Cocktastic costume (girlfriend's crotchless panties, Captain America helmet, red cape, and big, hairy winter boots), leaping to the attack over a suspiciously-shaped beanbag chair, constitute pornography, comedy or educational material?

    If the first is true, should I worry that I may fall victim to this security threat should the pictures accidentally become public?

  • So the summary says that this thing targets porn watchers specifically, but I couldn't find any stats on what percentage of the total net population that is. Does anyone have any data?
    • So the summary says that this thing targets porn watchers specifically, but I couldn't find any stats on what percentage of the total net population that is.

      It's 118%.

      • by aquabat ( 724032 )
        Ya. That sounds like the right ballpark. BTW, your sig and mine are like two sides of the same coin.
  • [...] attempts to detect virtual machines and anti-virus products.

    So if I make all my computers look like they are running as a virtual machine, I'm safe from this exploit?

  • Flash doesn't run on my iOS device... Go Apple...
  • by Anonymous Coward

    The advertisers don't seem to realize that the harder that they try to get our attention via more and more garish, disgusting crap that they try to shove in our faces on web pages, the more people will decide to block ads and scripts etc... on web pages. People go to web sites to see content, not to be distracted by ads. People do not go to web sites to have malware, spyware, or crapware installed on their computers. I bought my computer. It's mine. I and I ALONE will control what is installed on it, wha

  • Microsoft tried to implement a system where sites and advertisers are NOT anonymous and hence responsible for their content, as a subset of the web, the world went crazy and MS abandoned the idea. IMO users should be anonymous, but sites and advertisers should not be. Also, the site doesn't mention you should have 16.0.0.296 to be safe, the linked article does.
