If you have Adobe Flash Player installed, like most people on the Internet, check your Flash version and make sure you are running version 9.0.124.0. If you are running a lower version, your machine is susceptible to sending pretty much anything to the hacked Flash applet and its server. Update your Flash now! That, or uninstall it! How many of these rogue Flash files are out there? About 250,000 Web pages. That’s at least how many have been tracked as taking advantage of the exploit. There are probably many more. To be clear, these machines have not been exploited using the bug in Flash; rather, they hosted the malicious Flash files that would take users’ private information from their computers.
The worst part about this exploit? You won’t know you have gone to a bad site! The Flash file installs a Trojan on your machine and sends passwords, and possibly other data, including WoW (World of Warcraft) account information, to the server. Another awesome part of this? Since Adobe Flash is cross-platform and cross-browser, there are a ton of computers out there that are open to a massive attack.
While Adobe has now fixed the issue (they are pretty sure, anyway), most people won’t get the patch until they run into a site that forces them to install the latest version. If you would like to learn how to create a malicious Flash file, just read Mark Dowd’s article from IBM. The other issue is that, most times things like this happen, people seem to find workarounds to the fix. Symantec is actually recommending that people uninstall Flash until Adobe sorts this all out. And lastly, Adobe has no built-in method in Flash to warn users that they need critical updates, so millions of computers will probably not get this patch for a long time.
Anyway, if you are interested in blocking Flash in Firefox, it’s easy to do with Flashblock. In Internet Explorer it’s pretty easy as well: open the Tools-Manage Add-Ons dialog, select Shockwave Flash Object, and then choose the Disable radio button.
Maybe now is a good time to try out Silverlight? And once you install it, check out the Hard Rock Cafe Memorabilia collection! It uses some awesome Deep Zoom technology built into Silverlight.
Update: I’m honored that an Adobe employee found the time to comment on the inaccuracy of the posting. Unfortunately, it’s very accurate, and his statements are inaccurate. Adobe actually did patch the widespread exploit in April; however, as I mentioned, Mark Dowd found a way around the patch and published his findings in this PDF document. This is what the Chinese attackers used.
Also, it does install a Trojan on the machine. A Trojan “is a piece of software which appears to perform a certain action but in fact performs another”. A Flash file is downloaded onto the user’s machine before being run, and it runs inside the Flash runtime. Therefore, yes indeed, one could call this a Trojan. You can read the articles around the net. Here is one explaining the Wow.UB Trojan (the official classification).
Also, it’s World of Warcraft, not World of Warfare. And lastly, I love Flash, by the way! No plugin, or browser for that matter, has ever had the success the Flash player has had! Very impressive! However, there is an issue with the older players now, and people should just make sure they have the latest patch, that is all.
If you are curious which sites had the Trojan Flash files, you can check on shadowserver.



