Adobe zero day flaw being actively exploited in wild

By SearchSecurity.com Staff 28 May 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The widely used Adobe Flash Player has a zero day flaw that is being targeted by a number of attackers who set up more than 200,000 Web pages to exploit the flaw.

The current malware attack has been traced back to Chinese blackhats, who are using a zero day to infect users with password stealers. Dancho Danchev, security researcher

The unspecified remote code-execution vulnerability could be exploited to cause denial of service conditions, according to Symantec, which reported the flaw on Monday.

Symantec said Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable and other versions may also be affected. The flaw occurs when the flash player tries to process a malicious Shockwave Flash (SWF) file. The vulnerability is similar to an Adobe Flash Player multimedia file remote buffer overflow vulnerability, discovered by Mark Dowd of IBM, Symantec said.

Adobe said it was investigating the incident to determine if the previous flaw was incorrectly patched or if the latest wave of attacks is using a new variant.

Symantec is tracking a number of attacks which involve two Chinese sites known to be hosting exploits. Attackers are injecting malicious code into the sites using SQL-injection vulnerabilities. Up to 20,000 Web pages are serving up a script redirecting users to the malicious sites. As a result of the attacks in the wild, Symantec raised is ThreatCon to level 2.

Meanwhile, McAfee said it has discovered up to 250,000 Web pages designed to exploit the flaw. McAfee Avert Labs reported in its blog that different exploits are crafted to exploit the different versions of Adobe Flash. Exploits exist for both Internet Explorer and Firefox, McAfee said.

"McAfee Avert Labs has received submissions of samples of exploits from many sources spanning multiple domains over the past 24 hours," the research team said.

Security researcher Dancho Danchev said the flaw is "definitely worth assessing." Danchev is recommending that IT administrators consider blocking flash until the vulnerability is patched by Adobe.

"The current malware attack has been traced back to Chinese blackhats, who are using a zero day to infect users with password stealers," Danchev said in his Mind Streams of Information Security Knowledge blog.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches SSH key compromise shuts down Apache website IBM finds sharp spike in malicious content on trusted sites Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Emerging Information Security Threats Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Rand study urges caution on cyberwarfare attacks Hathaway joins Harvard to contribute to DOD project

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary