Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Adobe Flash 10 does NOT stop malvertizement hijacking

October 20th 2008 in Uncategorized

Adobe Flash keeps its title as the “Typhoid Mary of the Internet”.

Kimberley has put in some hard yards, and posted a comprehensive article that proves that Flash 10 is NOT stopping SWF malvertizement hijacks.

You can read all about it here:
http://www.bluetack.co.uk/forums/index.php?s=f3bfcacbac0c1eba459283546fb127e9&showtopic=18064&st=150&p=89649&#

A perfect Flash file is the one that is never loaded by your browser.

In my eyes the “clipboard jacking” is a minor issue, when you paste some text into your browser, post, blog, document … you never review what you did write? Redirects are still working, whether they lead to fake online scanners or download an executable. So what has changed … NOTHING.

Ok, come on Adobe – when are you going to give us a way to turn redirects off??? There are articles on this blog evidencing the use of crossdomain.xml dated August 2007, and you can be sure that the bad guys were using it before then – it is not a new trick.

Please excuse me while I repeat what I wrote back in February of this year.

Realistically, the only way that we can stop this problem easily is by PREVENTING the very first redirect – preventing that moment when the malicious banner advertisement on a legitimate web page grabs the user’s Web browser and dumps it at a different web site.

Yes, the changes to Flash mean that “the meta-policy default will change from ‘all’ to ‘master-only’”, but seriously, what difference does it make? The moment that a Flash SWF redirects a victim to a domain controlled by the bad guys, the victim is at the mercy of the criminal because “all master policy files (any policy file saved in the root of the domain with the name crossdomain.xml, such as hxxp://example.com/crossdomain.xml) [will] continue to function as expected”.
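The meta-policy rule quoted above, worked through in Python as an added example (not code from this post, from Kimberley's article, or from Adobe). The function names and the sample policy file are constructed for illustration; the per-version defaults follow the quoted change, and the meta-policy values are the ones Adobe defines for the `site-control` element.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Values allowed in <site-control permitted-cross-domain-policies="...">.
META_POLICIES = {"none", "master-only", "by-content-type", "by-ftp-filename", "all"}
# Default used when the master policy file declares no meta-policy (the change quoted above).
DEFAULTS = {9: "all", 10: "master-only"}
POLICY_MIME = "text/x-cross-domain-policy"

# Constructed sample: a master policy file that has no <site-control> element.
SAMPLE_MASTER = """<cross-domain-policy>
  <allow-access-from domain="partner.example.org"/>
</cross-domain-policy>"""


def meta_policy(master_xml, flash_major):
    """Return the meta-policy in effect for a domain, given its master policy file (or None)."""
    if master_xml:
        node = ET.fromstring(master_xml).find("site-control")
        value = node.get("permitted-cross-domain-policies") if node is not None else None
        if value in META_POLICIES:
            return value
    return DEFAULTS[flash_major]


def policy_file_honored(url, policy, content_type=None):
    """Decide whether a policy file at `url` is honored under meta-policy `policy`."""
    parts = urlparse(url)
    if policy == "none":
        return False  # no policy file is honored, not even the master file
    if parts.path == "/crossdomain.xml" or policy == "all":
        return True   # the master file at the domain root is honored in every other mode
    if policy == "by-content-type":
        mime = (content_type or "").split(";")[0].strip().lower()
        return parts.scheme in ("http", "https") and mime == POLICY_MIME
    if policy == "by-ftp-filename":
        return parts.scheme == "ftp" and parts.path.endswith("/crossdomain.xml")
    return False      # master-only: policy files outside the root are ignored


def compare_versions(master_xml=SAMPLE_MASTER):
    """Map Flash major version -> [root file honored, sub-directory file honored]."""
    urls = ["http://example.com/crossdomain.xml",
            "http://example.com/ads/crossdomain.xml"]
    return {v: [policy_file_honored(u, meta_policy(master_xml, v)) for u in urls]
            for v in (9, 10)}
```

The new default only changes the answer for policy files outside the domain root; the root `crossdomain.xml` is honored under both defaults, which is the point of the paragraph above.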


6 comments to...
“Adobe Flash 10 does NOT stop malvertizement hijacking”

jim

thanks for info on flash

confirms my assessment of flash as a nasty parasitic maggot

flash aka macromedia aka adobe aka a dirty thieving ubiquitous insinuating piece of virus infected excrement



Chuck

Flash 9 was not THAT bad- but, from the day that Flash 10 entered my life- my online time has suffered DRAMATICALLY!
I turn it off and there’s no toggle to turn it back on- so it’s been reloaded 4x with no improvement of performance!
ADOBE– What are you doing?!

There is no way to retrieve my Flash 9 now-
just because it is free software doesn’t mean that you can offer a LAME PRODUCT!
COME ON!!!
What EVER.
Jerks.
Ok– thanks for letting me vent!
~Chuck



sandi

@Chuck

IE8 crashes regularly on my system since installing Flash 🙁



zed

Every time I run This Turd… Flash Player 10, My power Options Shutdown for Windows Stops Functioning, and I Have To Restart My PC To Return to Normal Auto Shutdown Function…

I Have Tried Everything to Fix… Damn You Adobe, Wish I Never Updated from Flash 9



Mike

Since installing flash 10, my flashplayer and god knows what else, now belongs to inane porn pushers. I will now flush all flash/adobe related products from my system, regardless of labour, cost, or consequence. I advise you all do the same. FLUSH THE FLASH!



Rich

You think the bad guys are the biggest part of the problem? Take a good look at the Adobe Updater feature of their flash player!!! I don’t trust Adobe as far as I can throw it.

