A security hole in Flash that was patched by Adobe at the end of July last,
is still being abused for directed attacks,
for which a recently found exploit can disable various security programs.
Meant is a malicious Flash film that comes attached to a PDF file.
As soon as the victim opens up the document,
the exploits tries to disable security software it finds.
Then it starts to collect privacy data,
like information on the Operational System,
CPU speed and type, number of disks to write to,
accountname of logged in users and login data of various programs,
e.g. MSN Messenger.
Backdoor
Through backdoor functionality the malcreant can give new commands.
One of the instructions tells the malware to be copied to all external disks,
just like a worm does.
“This functionality can infect a network,
like seen with Conficker”, according to McAfeee’s Dennis Elser: http://www.trustedsource.org/blog/296/From-Targeted-PDF-Attack-to-Backdoor-in-Five-Stages
From a security point of view adding Flash means an added attack vector,
to be used by attackers to remotely control a vulnerable OS.
“Like history has shown, complexity and features add to remote exploitability
Latest PDF features do the same.”
Even password protected security software is vulnerable.
The exploit will hook certain functions of the av scanner
disabling it or simply crashing the software.
I know Kaspersky has a good protection against this,
I hope avast has too,
Make sure all old versions of Flash are removed
1.Download the Adobe Flash Player uninstaller:
• Windows: uninstall_flash_player.exe (205 KB) (updated 7/30/09) http://kb2.adobe.com/cps/141/tn_14157.html
Note: The uninstaller cannot remove files currently in use.
If you have any instances of the player open in your web browsers, instant messaging clients, stand-alone SWFs, or projectors, then the uninstaller will complete but some files may not be deleted. If this occurs, then close all of your applications and run the uninstaller again to ensure that all files are removed.
Note: Internet Explorer users may have to reboot to clear all uninstalled Flash Player ActiveX control files. If you’re not certain, select the “Show Details” button in the Flash Player uninstaller. If there are any log lines that begin with “Delete on Reboot…” then you’ll need to reboot BEFORE running the Flash Player installer again.
Install Secunia PSI
THE DIRTY DOZEN !
Are you part of a sad statistic? The average user without the Secunia PSI has 12 insecure programs installed on their PC! [ Read the blog ]
VULNERABLE ?
Did you know that many of the hacker attacks and security threats today exploit software vulnerabilities and code flaws?
WHATS ON YOUR PC ?
The typical user has 80 programs installed. Do you know which programs you have installed? Do you know which programs expose you to security threats?
SECURE ?
Is your PC secure? Do you have all the latest security updates and patches?
PROTECT YOURSELF !
Security patches are usually free and available for download from the program vendors. Let the Secunia PSI pinpoint exactly which patches you need to secure your PC.
The Secunia PSI is a free security tool designed with the sole purpose of helping you secure your computer against vulnerabilities in programs.