Author Topic: Serious Security Flaw in Adobe Flash  (Read 16210 times)
Phoenix
« on: 2009-02-26, 02:29 »

Quote
According to iDefense Labs, remote exploitation of the vulnerability in the Flash player could allow an attacker to execute arbitrary code with full user privileges. That means anything you could do with your PC, the attacker could, too.
http://tech.yahoo.com/news/nf/20090225/tc_nf/64910

Be careful what you click on. If you're using a Mozilla-based browser, I highly recommend the NoScript extension, which allows powerful control over JavaScript and blocks Flash by default. You can easily whitelist trusted sites.
Logged


I fly into the night, on wings of fire burning bright...
Moshman
 
« Reply #1 on: 2009-03-02, 01:20 »

What the shit?
You mean to tell me that if there's some stupid advertisement in Flash, someone could use that .swf to control my PC, even get my personal info?

Damn.
/installs NoScript extension
Logged

ReBoOt
« Reply #2 on: 2009-03-02, 07:41 »

I'm looking forward to fixing these computers once compromised :P ..or not.. but then again I usually like hackers n virus makers since they create work for us, even though removing viruses and exploits ain't that much my favorite, but moneys is moneys :)

Anyways, time to update your Flash ppls!
Logged
Pigwidgey
 
« Reply #3 on: 2009-03-08, 04:25 »

Thank god I have antivirus, antispy, identity theft protector, and computer repair plus firewall all running 24/7 on my computer.
Logged
Angst
« Reply #4 on: 2009-03-08, 19:05 »

It's actually notably worse than a number of places will credit.

I've had a number of machines recently succumb to this particular exploit. Between Java, Flash, and Adobe Reader.

Any one of the 3 above is a potential infection vector right now, and one of the more popular bugs caught in this fashion is good ol' Virtumonde. Occasionally you'll catch a search redirect or popup app on top of it.

Malware is easy enough to clean, but Virtumonde annoys the !#$% out of me. Academically, it's a tenacious bug, but it's a tough one to protect against and reinfection is all but guaranteed. I've had strains of this bug go so far as to pose as a legitimate cached Windows update, being almost undetectable until you reboot and find yourself reinfected. On top of that, if you get one of the particularly nasty ones, it will also disable any and all antivirus software, as well as updates, and even the domains associated with useful removal tools.

FYI, I believe there was a remote infection exploit involving this as well, allowing a 3rd party to infect ads and the like.
Logged

"Who says a chainsaw isn't a ranged weapon?"
Phoenix
« Reply #5 on: 2009-03-08, 20:45 »

You know you never had this problem with the old Atari 2600...
Logged


fourier
 
« Reply #6 on: 2009-03-08, 22:20 »

Quote
It's actually notably worse than a number of places will credit.

I've had a number of machines recently succumb to this particular exploit. Between Java, Flash, and Adobe Reader.

Any one of the 3 above is a potential infection vector right now, and one of the more popular bugs caught in this fashion is good ol' Virtumonde. Occasionally you'll catch a search redirect or popup app on top of it.

Malware is easy enough to clean, but Virtumonde annoys the !#$% out of me. Academically, it's a tenacious bug, but it's a tough one to protect against and reinfection is all but guaranteed. I've had strains of this bug go so far as to pose as a legitimate cached Windows update, being almost undetectable until you reboot and find yourself reinfected. On top of that, if you get one of the particularly nasty ones, it will also disable any and all antivirus software, as well as updates, and even the domains associated with useful removal tools.

FYI, I believe there was a remote infection exploit involving this as well, allowing a 3rd party to infect ads and the like.

Could not agree more.  Virtumonde is the second most irritating virus I've ever encountered, and it seems to be all over people's computers.

The only virus more agitating (to me at least) really doesn't have a name.  The only file that it always has, though, is ... udxfytw.sys.  Now, to be fair, I believe the thing I encountered was actually a variant of the "normal" one, since absolutely none of the removal software could get rid of it.  I think only one thing could remove it temporarily (which means it wasn't fully removed).

My own methods were better (I think the computer lasted a full week before it came back), but in the end the only way to get rid of it (this is after checking the boot sector, looking for rootkits, restoring all system files from a backup, etc) was to do a format.

Very sad, since, for the most part, I'm able to remove viruses without having to resort to that method (although sometimes the damage done is too great and the system ends up needing a format anyway).
Logged
Phoenix
« Reply #7 on: 2009-03-08, 23:13 »

I haven't had the misfortune to encounter either of those two, thankfully.
Logged


ReBoOt
« Reply #8 on: 2009-03-09, 19:14 »

I know all about Virtumonde since I can't even count all the computers I've disinfected from that shit. However, it's not that hard to kill really: use the tool ComboFix, then scan with Malwarebytes Anti-Malware, and after that use Trend Micro's HijackThis! and delete any registry key referring to (no file) and delete keys pointing onto the winlogon process.

Of course you use the tools at your own risk :)

So far most Virtumonde-infected computers have been infected due to lack of updating Java, so if you have Java installed (which most do) keep it updated!
Logged
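
The HijackThis step in the reply above, as an added example that is not part of the original thread: a read-only pass over a saved scan log that lists the two kinds of entry the post names, those ending in (no file) and Winlogon entries, so they can be reviewed by hand. The plain-text log layout is an assumption, and every sample line (names, GUIDs, paths) is constructed for the illustration.

```python
import re

# Constructed sample in the assumed plain-text layout of a HijackThis scan log:
# "<section code> - <label>: <details>". Not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: exmplntf - C:\WINDOWS\system32\exmplntf.dll
O20 - Winlogon Notify: gonefile - (no file)
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# A log entry starts with a section code such as R0, O2 or O20.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")

def triage(log_text):
    """Return (line_no, reasons, line) for entries of the two kinds the post names."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header or free text, not a scan entry
        reasons = []
        if "(no file)" in m["rest"]:
            # The registry value points at a file that is not on disk.
            reasons.append("target missing: (no file)")
        if m["code"] == "O20" and m["rest"].startswith("Winlogon Notify:"):
            # A DLL registered to load with the winlogon process.
            reasons.append("Winlogon Notify entry")
        if reasons:
            findings.append((no, reasons, line.strip()))
    return findings

if __name__ == "__main__":
    for no, reasons, line in triage(SAMPLE_LOG):
        print(f"line {no}: {'; '.join(reasons)}\n    {line}")
```

Legitimate software also registers Winlogon Notify DLLs, so the output is a list to check against known-good entries before anything is removed.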