Thursday

Flash banners taking over your clipboard



Several sites reported on the "Clipboard" attack. Through Adobe Flash and Actionscript.

According to US media reports, Flash banners that appeared on websites for Newsweek, Digg and MSNBC manipulated the clipboards on visitors' PCs. The banners copied the URL of a site, to the clipboard, that was supposedly an online antivirus scanner. This then sought to convince users to purchase software by frightening them with the message that their PCs were infected by a virus. Users who are in the habit of copying links from text and pasting them into their browser's address line were likely to have copied the URL to the spammers' site and ended up there. (Source: Heise)
That attack works under Windows, Mac OS and Linux. A side-effect is that the clipboard will freeze and cannot be used until the browser is restarted.

Adobe has reported it is looking into the problem, but doesn't have any patches at this point.

As long as you don't visit the URL contained in your clipboard, you are fine. But it's advisable to use a flashblocker or to use Noscript which also blocks Flash by default.

Despite some reports
, NoScript will protect you. Of course, if you deactivate the features that are meant to protect you, you are vulnerable. It's like deactivating your virusscanner and blaming it for not stopping a virus. Noscript will block Javascript, Java, Flash and other plugins. But it's not made to block actionscript if flash protection/blocking is disabled. Default settings will keep you protected. Just make sure, you have the latest version.

This is also part of an email campaign to try to convince you, your PC is infected and tricks you into installing their Antivirus product (which is just a Trojan).

Here is a more detailed analysis of what happens, if you do happen to visit the clipboard URL and get infected.

No comments: