Adobe Flash fingered in malware clipboard trickery

Stephen Withers
Wednesday, 20 August 2008 09:22

Your IT - Home IT

Malicious Flash content appearing on otherwise legitimate sites may be to blame for sending users to malware-laden web pages.

The widespread occurrence of Flash ads in the streams delivered by major advertising networks through affiliated web sites means millions of users risk falling foul of the scam.

According to security vendor Sophos, many users have found that if they copy a URL from certain legitimate sites and then try to paste that link, what actually appears is a completely different URL.

In cases that Sophos has investigated, the destination site generates a bogus warning that the computer is infected with malware and offers to clean it - at a price. The same trick could be used to drive traffic to sites that really do download malware to visitors' computers.

While it is relatively unusual to copy a URL from a web page and then paste it into a browser (unless you are looking for differences in the way the page is rendered), it's common to paste a URL into a document (eg, in Word or PowerPoint), into an email or instant message to share the page with a friend of colleague, or to include it in a comment in a blog or other web site.

Since the problems start after visiting legitimate sites, Sophos officials speculate that the attackers have managed to poison Flash content in an advertising stream with code that modifies the clipboard.

While Flash offers a method for setting the system clipboard, it does not provide a method for reading it "because of security concerns," according to Adobe's documentation.