May 29, 2008 By 47 Comments

Adobe Flash Player Exploit Grabs Your Files

Adobe Flash Player If you have Adobe Flash player installed like most people on the Internet, make sure you check your flash version and ensure you are running version 9.0.124.0.  If you are running a lower version, your machine is susceptible to sending pretty much anything to the hacked flash applet, and server.  Updated your Flash now!  That or uninstall it!  How many of these rouge flash files are out there?  About 250, 000 Web pages.  That’s at least how many have been tracked to take advantage of the exploit.  There probably are way more.  To be clear, these machines have not been exploited using the bug in flash, they however hosted the malicious flash files that would take users private information from their computers.

The worst part about this exploit?  You won’t know you have gone to a bad site!  What the flash file will do is install a Trojan on your machine, and send the server passwords, and possibly other data, including WoW (World of Warcraft) account information.  Another awesome part of this?  Since Adobe Flash is cross-platform, cross-browser, there are a ton of computers out there that are open to a massive attack.

imageWhile Adobe has now fixed the issue (they are pretty sure anyway), most people won’t get the patch until they run into a site that forces them to install the latest version.  If you would like to learn how to create a malicious flash file, just read Mark Dowd’s article from IBM.  The other issue is that most times things like this happen, it seems people find workarounds to the fix.  Symantec is actually recommending people uninstall Flash until Adobe sorts this all out.  And lastly, Adobe has no built-in method in flash to warn users they need critical updates, so millions of computers will probably not get this patch for a long time.

Anyway if you are interested in blocking Flash in Firefox, it’s easy to do with Flashblock.  In Internet Explorer it’s pretty easy as well, just use the Tools-Manage Add-Ons dialog, select Shockwave Flash Object and then the Disable radio button.

Maybe now is a good time to try out Silverlight?  And once you install it, check out the Hard Rock Cafe Memorabilia collection!  It uses some awesome Deep Zoom technology built into Silverlight.

Update:  I’m honored that an adobe employee found the time to comment on the inaccuracy of the posting.  Unfortunately, its very accurate, and his statement are inaccurate.  Adobe actually did patch the wide spread exploit in April, however, as I mentioned, Mark Dowd found a way around the patch, and published his findings in this PDF document.  This is what the Chinese attackers used.

Also, it does install a Trojan on the machine.  A Trojan is “is a piece of software which appears to perform a certain action but in fact performs another”.  A Flash file is downloaded onto the users machine before being run, and runs inside the flash runtime.  Theirfore, yes indeed one could call this a Trojan.  You can read the articles over the net.  Here is one explaining the Wow.UB Trojan (The official classification).

Also, its World of Warcraft, not World of Warfare. And lastly, I love flash by the way!  No plugin or browser for that matter has ever had the success the flash player has had!  Very impressive! However, there is an issue with the older players now, and people should just make sure they have the latest patch, that is all.

If you are curious what sites had the trojan flash files, you can check on shadowserver.

Filed Under: Real World News
  • http://blogs.adobe.com/jd John Dowdell

    Thanks for reminding people to keep their internet software current, but you might wish to research the incident a bit more.

    20,000 mainstream website domains were indeed apparently hacked, but with HTML injections. These good sites were carrying bad instructions… unpatched servers were the main way the gang infected thousands of websites’ HTML.

    What did that HTML do? Point to two servers in China, which hosted malformed SWF which, in back versions of Adobe Flash Player, could take advantage of a novel null-reference injection popularized in the blogosphere two months ago. Those two SWF-hosting servers were taken down pretty quickly, so all the infected HTML on websites was rendered useless. The goal? Apparently, to steal World of Warfare passwords, to then steal virtual equipment, for resale in realworld capital markets.

    What you wrote here is inaccurate… can you research and correct?
    “What the flash file will do is install a Trojan on your machine, and send the server passwords, and possibly other data.”

    tx, jd/adobe

  • David Kenedy

    I am actually a Macromedia Flash fan, but I have to say I find your comment funny. first of all, It’s World of Warcraft… I’ve never heard of this “Warfare” game you speak of. Second, the exploit could be used to do exactly what the blogger talks about, it’s a good thing it wasnt bad. Third, IBM published the vulnerability weeks ago. Forth, ya SQL Injection attacks are up.

    And last, there is nothing inaccurate in this post… lol… There is however a few things inacurate in yours.

  • Miguel Carrasco

    Hi John,

    Thanks for the comments. I have clarified the comments. Keep up the great work with Air/Flex! Nice to see where you are taking the technology, especially Actionscript.

    Miguel Carrasco

  • http://blogs.adobe.com/jd John Dowdell

    Sorry, you really do need to research more.

    1) Mark Dowd held back his null-reference paper until after Player 9.0.124 addressed it. I wish he had held it back a few months more, so the population could be updated, but sic transit gloria mundi. His paper was cited as the blueprint for this China attack, but as Symantec has clearly backtracked, the attack fails in current software.

    2) Yes, SWF files are downloaded before being played in the browser. HTML files work the same — you need to download it before it is locally rendered. No, that does not make either of them “a trojan”.

    3) Yes, if you used unpatched software and visited one of the 20,000 infected HTML websites, and did so before the two SWF-serving sites in China were shut down, then it might have downloaded an additional file to your machine. That would be less a trojan than a drive-by download, such as Safari currently enables from straight HTML. But the two Chinese servers were the chokepoint, and were efficiently removed from the web. Your practical exposure was zip.

    4) And yes, I typo’d “warfare”, as I later noted in my Twitter citation. Horrors.

    We’ve still got a problem of lots of compromised webservers out there, hosting HTML instructions without their owners’ knowledge.

    We’ve also got a problem of journalists and bloggers popularizing a story without thinking about it, investigating it, confirming it for themselves. Adobe Flash Player does not “grab your files”. But the headline certainly grabs your attention.

    jd/adobe

  • http://www.realsoftwaredevelopment.com Miguel Carrasco

    Thanks John,

    By the way I read you blog and follow your twitter. There seems to be a lot of confusion around what really happened, even Symantec and McAfee have “changed” their stories. Bottom line, nothing is secure, we just need to be able to inform our users quickly when they should patch. I’m sure the same thing could happen in Silverlight and Flash. Hopefully Microsoft and Adobe both figure out a way to deal with these kinds of threats better. Would be awesome to have the ability to force patch these kinds of things.

    Truth be told, Silverlight and Flash, along with Air/Flex and WPF are at the forefront and I believe to be the future of the cloud computing internet. I just hope we all figure out better ways to patch users quickly, when threats like these are identified. Being in software development for nearly 15 years myself, I know it’s easier said than done.

    Pleasure to chat about this by the way!

    Miguel

  • http://blogs.adobe.com/jd John Dowdell

    “There seems to be a lot of confusion around what really happened, even Symantec and McAfee have “changed” their stories.”

    Yes, agreed, thanks. But even today I’m seeing fresh news headlines with only the older, incorrect information. And lots of people never read beyond the headline. Significant problem. :(

    jd/adobe

  • Michael

    Well given the pro-Silverlight view of this site(which I almost wonder if they aren’t being paid by MS to drone on and on), it’s no wonder they are critical of Flash.

  • tiffany

    Video to iPad Converter-best Video Converter for iPad for Converting Video for iPad with high quality. Guide on How to Convert Videos to iPad and Convert Movies to iPad.
    Free download best MTS Video Converter/MTS Files Converter for converting mts files without losing quality. It also enables you to capture mts video files.
    Free downlaod M2TS Video Converter/M2TS File Converter,the best Converter for M2TS, to convert m2ts files to all kinds for formats with high output quality.

  • http://www.monclerjacketsell.com Moncler4u

    Moncler jackets are not ordinary.

  • champion118

    wholesale hair extensions
    wholesale hair 3. Wigs and Falls — If you want to look presentable while your natural hair grows out, go undercover and wear a wig. Available in human and synthetic
    wholesale human hair
    wholesale hair weave hair, wigs come in flattering styles and can be cut to compliment your face. To avoid damage from wearing a wig over a long period of time, be sure to shampoo, breakage from friction.
    manufacturer of hair extensions
    manufacturer of human haircondition and neatly braid your own hair first and wear a stocking cap. Avoid wearing wigs too regularly, or they will cause thinning at the temples. As often as possible, remove the wig and let your own hair breathe. Massage your scalp, especially at the temples, with a light, herbal oil or cream. Wear a silk scarf or use a satin pillowcase at bedtime to avoid
    manufacturer of hair weave

  • http://www.findingdream.com/wholesale-hair-weave-extensions wholesalehair

    wholesale hairIt functions as Britain's central bank, working in close contact with the government for the control of monetary policy and for giving directives to commercial banks. It is the only note-issuing bank in England and Wales (Scottish and Northern h^eland banks have their own issuing right). It is also responsible for keeping the
    wholesale hair weave
    exchange rate of British Pound against other currencies within certain limits by operating an Exchange Equalization Account. The bank has its headquarters in the City of London or the "square mile". Headquarters of many commercial banks are also located in the city. Besides the Bank of England, Britain has many commercial banks.wholesale hair extensions

  • zara

    Cheap Louis Vuitton provides our customers with 100% satisfaction service and welcomes any excellent advices brought by our customers. You could find the several of new things with top quality which display in your eyes in Louis Vuitton Outlet,

  • http://www.full-lace-front-wigs.com/wavy-full-lace-wigs-1-20inch-w401-p-308.html long lace front wigs

    potentially use the system. He and Wallace were concemed that All the managers now on the system had been well known to Batchelder, Culpepper, and Jones. As more people used the EIS, Batchelder knew these characteristics would change.

  • http://www.full-lace-front-wigs.com/wavy-full-lace-wigs-1-20inch-w401-p-308.html cheap long wigs

    Batchelder anticipated that EIS growth would make system maintenance more dicult. The EIS also proved a catalyst for other new systems. The MIS/OA&C group, which had started in 1985 with

  • http://www.full-lace-front-wigs.com/wavy-full-lace-wigs-1-20inch-w401-p-308.html cheap wigs for sale

    25 people, had grown t0 50 by 1988 and was responsible for more than 25 commercial systems development projects that involved computer support for managers, the management of

  • http://www.full-lace-front-wigs.com/wavy-full-lace-wigs-1-20inch-w401-p-308.html celebrity wigs

    It is pitiful to think that that is how these men spend their lives putting drops of nicotine on the tongues of cats day after day. Slaves to a habit, is the wayl look at it. But if you tell them that and ruge them to pull themselves together and throw off the shackles, they just look at you with fishy

  • http://www.full-lace-front-wigs.com/wavy-full-lace-wigs-1-20inch-w401-p-308.html Beyonce lace wigs

    power. If they were to say to themselves, "I will not start putting nicotine on cats' tongue till after lunch" it would be a simple step to knocking off during the afternoon, and by degrees they would find that they could abstain altogether. The first cat of the cats is the hard one to give up.

  • http://www.full-lace-front-wigs.com/wavy-full-lace-wigs-1-20inch-w401-p-308.html Beyonce wigs

    Conquer the impulse for the after-breakfast cat, and the battle is half won.
    Common Sense about Smoking It is often said, "I know all about the risk to my health, but I think

  • http://www.full-lace-front-wigs.com/wavy-full-lace-wigs-1-20inch-w401-p-308.html Beyonce wigs

    that the risk is worth it." When this statement is true it should be accepted. Everyone has the right to choose what risks they take, however great they may be. However, often the statement really means, "I have a nasty feeling that smoking is bad for my health but I would rather not think about

  • http://www.full-lace-front-wigs.com/wavy-full-lace-wigs-1-20inch-w401-p-308.html Indian lace wigs

    it With some of these people the bluff can be called and they can be asked to explain what they think the risk to their own health is. When this is done few get very far in personal terms. The bare fact trhat 23,000 people died of lung cancer last year in Great Britain often fails to impress an

  • defgrhh

    1. Almost all the small commodities factories of china yiwu market suppliers have selling shops in Yiwu market. 2. There are many buyers yiwu wholesale market who are purchasing in Yiwu market in every country.

    Yiwu agent,professional Yiwu Agent,Yiwu buying agent yiwu suppliers,Yiwu source agent,Yiwu jewelry agent,help you import yiwu manufacturer goods from China very easy.

  • http://www.coachbagsonlinesale.com/ coach small bags

    The coach is located in the brand discount of all over the world, in many places the store chain.coach outlet stores online they sell the same coach, handbag, wallet and other with incredible low-cost products.coach handbags coach brand discount store provide direct selling the project, the lady design with very low price to buy the opportunity. They have many different design, style, color, texture and size options for the save a lot of money. coach outletcoach products is one of the famous brand garment industry to seek after the brand discount brand and provide a fascinating accessories, need not spend too much.Coach necklaces most of the time middle class belongs to the rich and famous from the kind of social classes of female people just use the design is the handbag. Usually, the woman in the higher social just extraordinarily brave wallet and delicate coach handbags.coach small bags but now, the best coach products belong to women's many fantasies are available.

  • http://www.discount-juicy-couture.com/ cheap Juicy Couture

    it contains many useful information for me.

  • zara
  • http://www.womanrayban.com replica
  • http://www.hasdress.com/ hasdress

    Great post, thank you very much,

  • http://www.alijewelry.com cartier bangle
  • http://www.shopmaccosmetics.com mac cosmetics
  • http://www.donfljerseys.com wholesale
  • http://www.shopmaccomestics.com Mac lipstick
  • http://www.goodcoachshop.com coach bags
  • http://www.hotcheapoakleysunglasses.com sunglasses

    that is what will happen each and every time I consider that and wished to say that I have really liked reading your site posts. http://www.hotcheapoakleysunglasses.com

  • http://www.guccihandbagscheap.org Cheap Gucci Handbag

    We authorize Cheap Gucci Handbag online retailer, gucci handbags let you become the focus of world attention, or company to put forward the proposed Gucci Handbags Sale fashion,. All the products should be here discount gucci handbags is free on the boat, you can find the latest style on the site, enjoy big discount, we each month of Gucci Messenger Bags product promotion, just to save our customers more money, Gucci Joy not including tax much cheaper, almost 60% of the local store, many customers. Gucci Jackie welcome you to choose goods Gucci Boston of love.

  • http://www.coachoutlethotstore.com/coach-boots-c-77.html coach boots

    Welcome to our coach outlet .Coach as a main competitor in <a

    href="http://www.coachoutlethotstore.com">coach factory outlet.Creation from fashion brands to the portal based around <a

    href="http://www.coachoutlethotstore.com">coach bags,Coach Outlet in terms of production quality and fabrics are under a lot of effort.Coach bagas

    a major flagship brand products,not only versatile color,but also with coach outlet stores to spend a

    lot of coach boots.Like Coach Poppy Bags series,not only a variety of

    styles,but also so many lovely girls embarked on a fashion line.coach

    handbags not only opened the door of fashion,it is convenient for the masses of the road.

  • http://www.purselongchamp.com/ Longchamps handbags

    The development of the brand, the Longchamp world has become more and more popular.Longchamp purseour signature at

    the art fabrics, can change in options, and luxurious shimmering detailed information, and add a modern the freshness of classic bag. Longchamps handbagsliteral translation for "tree of life" and of mountain,

    ancient Sanskrit means "the view" India's influence. Look at India inspiration and reach mountain this season has brought France to collect the flavor of the core of Indian

    culture. Petals laid the necklace is as worship the gods of the ceremony. handbags and

    luggagethis type of flower is in perfect harmony with the traditional Indian an interesting and frivolous accessories, make your summer closet.Longchamps ladies purse characteristic accessories and package, and even carry luggage, LONGCHAMP

    socket has set up a file in the characteristics of many publications. If you dress in France in the street look carefully, you will find that, rarely processing Louis vuitton

    bag lady.Foldable longchamp bag The most popular brand is Longchanp bag. Have

    this brand of all kinds of bags, in gorgeous color and different size. Even teenage girl with the brand of the bag bag and mother as a family bag, the baby care bag. Longchamp

    bags is highly favored customers, in each age, so we can in this brand as the French national bag brand.

  • http://www.echeapraybansunglasses.com/ ray ban outlet

    find cheap ray ban aviator products on the ray ban sunglasses store, then you can see the fashion aviator sunglasses, enjor to buy raybands gooo.

  • http://www.moncleroutletspace.com danna

    The Moncler manufacturer moncler jackets on sale supply us with all kinds Moncler,including Moncler jackets Women,Moncler vest Men and Moncler jackets kids. cheap moncler jackets Moncler Mens Jackets moncler men jackets style is rather simplistic,nothing more than the length of sub-section,and whether the cap and a sleeveless divided.Beacause we have the cheapest and highest quality,take action quckliy!This kind of Moncler Vest Women moncler women jackets is the latest popular,unique style and very fashionable.Moncler outlet offer this good opportunity for new and old customers.Moncler vest for men in puffer and boom style which advocate lots of warth for you cozy winter.Dress up youself in a changeable style may be what most of us want.Occasionally my mom purchased herself a trendy blue women Moncler moncler outlet right down Jacket which is created with newest factors belonging to the vogue, current moncler moncler jackets right down jacket long or brief all demonstrate endlessly charming

  • http://www.montblancpens2u.com mont blanc pens

    a good article!
    mont blanc pens

  • http://www.montblancofpens.com/ mont blanc pens

    Your blog is so nice that every one would feel pleasure to post comments. So am I. Thanks. Keep sharing the similar posts which we feel happy !! fake oakleys

  • http://www.belstaff-jacket.org.uk/ belstaff uk

    His message perplexed his mind to that degree that he was fain, belstaff jackets several times, to take off his hat to scratch his head. belstaff uk
    Except on the crown, belstaff outlet which was raggedly bald,cheap belstaff jackets he had stiff black hair, belstaff leather standing jaggedly all over it,belstaff jackets sale
    and growing down hill almost to his broad, blunt nose. It was so like smith's work, so much more like the top of a strongly spiked wall than a head of hair, that the best of players at leap-frog might have declined him, as the most dangerous man in the world to go over.

  • http://www.abercrombiefitchsales.uk.com/ abercrombie

    Pursuing for abercrombie and fitch cool, unique, stylish and innovative. Whether it is abercrombie and fitch sale or fashion accessories all means a lot for modern society of today. Same is the case with trendy looking abercrombie sale. When these are abercrombie and fitch uk, the excitement just gets doubled. Most chic looking abercrombie and fitch uk sale are in fashion now. These are one of the favorite fashion accessories for men and women long time ago. If you have not yet tried abercrombie uk, it's time to own one and feel the difference it can make to your personality. These are just brilliant and fabulous abercrombie & fitch sale. They are most iconic and can provide you with a new feeling and enhance confidence.

  • http://www.adidastrainersuk.co.uk Adidas Trainers
  • http://www.beatsbydrdre-france-sale.fr Casque Dr Dre
  • http://www.borselouisvuitton-italy.com borse louis vuitton

    infatti, ci propone sempre delle borse louis vuitton decisamente interessanti, che vengono scelte ogni giorno dalle celebrities più in vista, ma anche dalle fashion addicted che non vedono l’ora di sfoggiare uno dei must have del fashion brand. Brand che con questa louis vuitton sito ufficiale ci propone un look assolutamente delizioso. borse vuitton– semplice ma chic al tempo stesso, per essere glamour in ogni occasione. Il noto marchio di tendenza famoso nel mondo propone la sua nuova collezione louis vuitton outlet primavera-estate 2011

  • klkkff

    Famed for fashionable design and top quality, our Louis Vuitton Outlet Bags still stand in the front of the brand bags. As a great Louis Vuitton Outlet Online in the east london with strenth and credit, we can assure you that all our products are in top quality. You can find Louis Vuitton Outlet Handbag and Louis Vuitton Outlet Online Clothing with stylish design and exquisite craftsmanship offered in our Burberry Outlet where you can enjoy the 100% satisfaction service. Here, you can also find a variety of Louis Vuitton Online Sunglasses with excellent quality sold at favorable price, which can show off your personality completely. There are numberless Louis Vuitton Online, most of people are wondering to look for the best products and we believe we are the excellent one. Welcome to sign in our website, we will meet all your reasonable demands and inquiry.

  • http://www.nicemoncler.net moncler jacke

    When It Comes to Snowboard Jackets, moncler jackeIs Gore-Tex the Best Option? moncler jackeThe technology behind snowboard jackets has changed drastically in the past few years.moncler jacke It wasn’t long ago that if you wanted to stay warm up on the slopes youmoncler jacke

  • http://www.louisvuittononlines.org/ LV BagsLV Bags

    and lives. For instance, if someone buys some fake medicines, it may not cure him

    of his illness, onthecontrary,<ahref="http://www.louisvuittononlines.org/"title="LV

    Bags">LV Bagsit may probably make his illness worse or even put an end to his

    life. Besides, fake commodities<a href="http://www.onlines-

    louisvuitton.org/"title="Louis Vuitton Handbags">Louis may impair the profit of

    the manufactures who<a href="http://www.onlines-louisvuitton.org/"title="Louis

    Vuitton Handbags">Louis Vuitton Handbags produce