Wednesday, January 28, 2015

Adobe Flash Malware Crushes Almost All Browsers

Marshall Honorof January 22, 2015

Security researchers find, report and patch so many vulnerabilities that it's easy to forget that some flaws slip by them into the wild before anyone notices — with disastrous results. At least one new zero-day exploit of Adobe Flash has already been built into a prominent browser exploit kit, and can successfully attack a variety of Internet browsers on all widely used versions of Windows.


Adobe today (Jan. 22) released an update for Flash Player patching a new flaw, but it wasn't immediately clear if it was the same one being exploited by Angler.


Avoiding the Angler exploit kit, or any of its fellow browser exploit kits, is not as simple as denying strange downloads or not going to dodgy websites. Because it targets Flash, simply visiting an infected site — and popular, trusted websites get infected often — with Flash enabled is enough to compromise your computer.

Researchers at Malwarebytes discovered that Angler is drafting those infected computers into a botnet and wasting their resources to generate phony ad impressions for shady third parties.


No comments:

Post a Comment