Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Clipboard hijackings continue – incidents seen at photobucket.com and forums.guru3d.com

October 12th 2008 in Uncategorized

Kimberley pinged me about the incidents – she has a write-up here:

I haven’t been able to reproduce the problem so can’t confirm what the source is. 

There are a couple of things to bear in mind when examining incidents such as this one.

  • If affected by the clipboard hijack, you will not regain control of your clipboard unless and until you close the web page that is hosting the malicious code/SWF that is the source of the hijack.  Therefore, if an affected user has more than one page open, it is important not to immediately allocate blame to the site that the user is currently viewing.  Any page that is open in the background is a potential source of the problem.
  • You do not need to reformat your computer, or take any special steps, to take back control of your clipboard and change its content.  Simply close the web page that is hosting the hijack and then copy fresh content to the clipboard.

The clipboard hijacking problem will be addressed by Adobe Flash 10 (cite: http://blogs.adobe.com/psirt/2008/09/clipboard_attack_update.html). Note that the announcement was made on September 10 – let’s hope that Adobe’s idea of “soon” is not too far away.

One comment to...
“Clipboard hijackings continue – incidents seen at photobucket.com and forums.guru3d.com”


Hi Sandi,

I feel at times somewhat excluded from content offered up on the interweb as I predominantly use IE8 64-bit, which still doesn’t have Flash and Silverlight support – so in effect I’m lucky as well, since a lot of these malicious attacks don’t affect me.

But I’ve been thinking lately that these types of “ads” that do have malicious content could be offered up via other means – such as the Live Messenger ad carousel. I’m not entirely sure, but I do suspect that you cannot turn that off, so wouldn’t that leave me exposed anyways?

Other than that, I’ve actually completely removed the Flash player and plugin from my computer at home.

What else can a “home” user do to ensure they don’t get hit by this till it’s been fixed?
