Flash exploit served by Microsoft

Two months ago, we wrote about a Flash Player exploit that could potentially cause havoc. Today it became known that the Norwegian MSN site served out malware ads to thousands of users, hidden as part of a Honda commercial. Checking the ad content is obviously the responsibility of the ad network and it scares us that they don't understand the need for this.

According to the Norwegian edition of Computerworld, anybody visiting in the last couple of days may have gotten the malware payload: a trojan named Virtumonde. It's unlikely that Honda is aware that their ad is spreading the trojan, but what happens is that a small program is installed on the computer. The trojan is impossible for the average user to detect; it's installed silently without you noticing.

Security analyst Jan Roger Wilkens at Telenor says "The software is started right away and waits for commands about virtually anything - from sending spam, capturing passwords, banking details - it can do pretty much anything". He also notes that "It's tragic that it's probably Microsoft's most profiled site in Norway that spread this." Ironically, only Microsoft's own operating systems are affected by the trojan. (Note: According to Symantec's listing for VirtuMonde, it's less aggressive than indicated by Wilkens in the Computerworld article. It could be a more recent version though.)

Microsoft responded by closing down the entire ad system for a short while, but it took several hours until the ad containing the trojan was fully removed (apparently due to a lag in the system). Microsoft Norway says they will now go through their routines to ensure this never happens again.

This is an exploit for the bug we wrote about two months ago, and it is scary that ad networks aren't taking this seriously. Most web users surf websites filled with ads, and checking ads for malware is fairly easy. It's never been more important to check the content you receive from third parties, and any network not screening SWF files and JavaScript before putting them in their system is risking their reputation. If a network serves malware ads like this, they'll certainly lose the client, but they could probably even be sued under American law. It is, after all, the network that infects users' machines by not following publicly available advice and screening content before delivering it.
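One form that screening an SWF creative before it enters an ad system can take, as an added example that is not from the original article: the file is parsed structurally, never run, and script-bearing tags and malformed tag lengths are reported for review. The function names, the size cap and the sample bytes are constructed for illustration (tag codes follow the published SWF format); this is a structural pre-screen and does not detect the specific exploit discussed here.

```python
import struct
import zlib

SCRIPT_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC"}  # script-bearing tag codes
MAX_BODY = 16 * 1024 * 1024  # assumed policy cap on decompressed size


def screen_swf(data: bytes) -> dict:
    """Structural pre-screen of one creative; parses only, never runs content."""
    result = {"findings": [], "script_tags": []}
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        result["findings"].append("not an FWS/CWS file")
        return result
    declared = struct.unpack_from("<I", data, 4)[0]
    body = data[8:]
    if data[:3] == b"CWS":  # zlib-compressed after the 8-byte header
        try:
            body = zlib.decompressobj().decompress(body, MAX_BODY + 1)
        except zlib.error:
            result["findings"].append("corrupt zlib stream")
            return result
    if len(body) > MAX_BODY or declared != len(body) + 8:
        result["findings"].append("declared length does not match content")
    # Skip the frame-size RECT (5-bit width + four fields), frame rate and count.
    pos = (5 + 4 * (body[0] >> 3) + 7) // 8 + 4 if body else 0
    ended = False
    while pos + 2 <= len(body) and not ended:
        header = struct.unpack_from("<H", body, pos)[0]
        code, length, pos = header >> 6, header & 0x3F, pos + 2
        if length == 0x3F:  # long form: a 32-bit length follows
            if pos + 4 > len(body):
                break
            length, pos = struct.unpack_from("<I", body, pos)[0], pos + 4
        if pos + length > len(body):
            result["findings"].append(f"tag {code} overruns the file")
            return result
        if code in SCRIPT_TAGS:
            result["script_tags"].append(SCRIPT_TAGS[code])
        pos += length
        ended = code == 0
    if not ended:
        result["findings"].append("no End tag")
    return result


def sample_swf(tags: bytes, compress: bool = False) -> bytes:
    """Constructed test creative: empty RECT, 12 fps, 1 frame, then `tags`."""
    body = b"\x00" + b"\x00\x0c" + b"\x01\x00" + tags
    head = (b"CWS" if compress else b"FWS") + b"\x09" + struct.pack("<I", len(body) + 8)
    return head + (zlib.compress(body) if compress else body)
```

A creative that reports script tags or any finding would be held for manual review or sandboxed analysis rather than served directly.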

Hackers are constantly working to find security flaws in software, and since the Flash Player is the world's most distributed software, it's a prime target. Hackers are not the only ones discovering bugs, either. Advanced users occasionally find unpatched security holes like this one and, in general, Adobe responds quickly. The exploit will work on all but the very latest version of the Flash Player, so all Flash Player users are urged by Adobe to upgrade to this version as soon as possible.

