
Flash zero-day (CVE-2010-1297) used in mass injections

June 13, 2010, Mars

In recent days, the Flash vulnerability (CVE-2010-1297) has been used for drive-by downloads. Many websites have been injected with malicious links such as (hxxp://2677.in/yahoo.js), and those compromised websites were hit by automated mass-injection tools.

Mass Injections   

TomTom website injected with a malicious link

In most cases, attackers move faster than vendors, which gives them a great opportunity to build a strong botnet and control more victims. :(

The following flow chart shows the attack path of the zero-day.

Attacking path of Zero-Day

Threat Mitigation:

You can temporarily disable or block Flash.

Here are three useful blockers.

FlashBlock (Firefox):

http://flashblock.mozdev.org/   

ToggleFlash (IE):

http://flash.melameth.com/

CubeMe (Chrome):

https://chrome.google.com/extensions/detail/ilejdkfldemlafkeebadjppfhdiimbfd?hl=en
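On the site-owner side, the injected link described above can be looked for in served pages. The following is an added example, not code from the original post: it assumes the injection takes the form of a `<script src=...>` tag, and the page host, allowlist and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator quoted in the post, kept defanged as published.
DEFANGED_IOCS = ["hxxp://2677.in/yahoo.js"]

def refang(url):
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    return url.replace("hxxp", "http", 1).replace("[.]", ".")

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, even in sloppy markup."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_page(html, page_host, allowed_hosts):
    """Return (src, reason) for script sources that are known-bad or unexpected."""
    ioc_hosts = {urlparse(refang(i)).hostname for i in DEFANGED_IOCS}
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Relative paths have no hostname and belong to the page's own host.
        host = urlparse(src).hostname or page_host.lower()
        if any(host == h or host.endswith("." + h) for h in ioc_hosts):
            findings.append((src, "known-bad host"))
        elif host != page_host.lower() and host not in allowed_hosts:
            findings.append((src, "host not on allowlist"))
    return findings

# Constructed sample page: two legitimate scripts plus two injected ones.
SAMPLE_HTML = (
    '<html><head><script src="/js/site.js"></script>'
    '<script src="https://cdn.example.com/lib.js"></script></head>'
    '<body><p>hello</p>'
    '<script src="' + refang(DEFANGED_IOCS[0]) + '"></script>'
    '<script src="http://unknown.example.net/x.js"></script></body></html>'
)

if __name__ == "__main__":
    for src, reason in audit_page(SAMPLE_HTML, "www.example.com", {"cdn.example.com"}):
        print(reason + ": " + src.replace("http", "hxxp", 1))
```

The allowlist check matters more than the single indicator: mass-injection campaigns rotate domains, so any script host the site owner did not add deserves a look.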

  1. Hori
    June 14, 2010, 12:16 | #1

    it is very cool stuff.

