Friday, 23 January 2015 20:18

Zero-day vulnerability affecting Adobe Flash on Windows IE, Firefox Featured


A new zero-day vulnerability targeting Flash-based ads seen when browsing with Internet Explorer and Firefox is actively being exploited by cybercriminals - what can you do?

If you’re running Internet Explorer 6 through 11 or Firefox on Windows XP through to Windows 8.1, and have the latest Adobe Flash installed, you’re at risk of getting infected by malware right now.

This is even if you have your operating system and Flash up to date with all the latest updates and patches, as this is how zero-day vulnerabilities work - Adobe didn’t know there was a flaw and cybercriminals are actively exploiting it.

Trend Micro brought the issue to our attention following a report by a malware researcher named ‘Kafeine’, with Trend Micro seeing the same kinds of malware samples Kafeine had reported on.

Trend Micro says that this new malware is affecting the latest versions of Adobe Flash Player, with Adobe yet to release a patch to fix the problem, with attacked systems finding ad-fraud malware against ad-networks, but which Kafeine says can also be used to install cryptolocker-style ransomware.

The exploit is now part of the ‘Angler Exploit Kit’, which cybercriminals are using to infect computers mostly in the US, with infections also coming from Taiwan, Australia, the UK and elsewhere.

The ad-fraud the current exploit is perpetuating sees program installed which ‘automatically click on certain ads on a certain website, artificially inflating the amount of clicks that ad gets. Since ad networks pay the owner of the website hosting their ads based on the amount of click each ad gets, ad fraud games the system by tricking the hapless ad network to pay more.’

This doesn’t necessarily affect users, but as Trend Micro points out that as malware has been installed onto your system, this malware can be programmed to install other malware in the future - which with ransomware or other malware nasties can cause damage to your files, steal your data or worse.

So, how do you get infected? Simply by going to any site on the Internet that has an infected Adobe Flash banner ad.

Trend’s blog states: “What makes this situation more serious is that the attacks we’ve seen are using banner ads (called “malvertisements”) to spread malware. This means that you can go to trusted sites you expect to be safe and still get malware on your system.”

“These attacks work by attackers targeting and compromising the third-party ad servers that offer the ads you see on legitimate and popular sites. This is a particularly nasty form of attack, one that puts average users at great risk.”

Trend Micro has more detail on this malware at its blog post here

Trend recommends either turning off Flash Player, or if you’re not able to disable it, you can install ad-blocking software.

Kafeine notes that MalwareBytes’ free anti-exploit software also blocks this attack. 

While IE and Firefox are affected, Google’s Chrome browser, which has Flash built-in, isn’t being affected by this threat, or at least, isn’t being affected at the moment.

There’s also no indication that Macs running Flash or Android devices still running Flash are affected, but it’s still worth running security software and applying Adobe Flash patches when they become available, although as Flash isn’t supported on Android anymore there presumably won’t be any updates for Android devices still capable of running Flash.

Naturally, Trend Micro also promotes its own security software, stating that any of its customers running Trend Micro Security, Worry-Free Business Security, OfficeScan, Deep Discovery, Deep Security and the Smart Protection Suites are protected against current attacks using this vulnerability.

Other anti-virus companies are presumably acting to provide protection against this exploit but none have contacted iTWire beyond Trend Micro to alert us of this, so if you’re not running a current and update version of Trend Micro you might want, at the very least, to get the free MalwareBytes anti-exploit software (linked above) onto your system.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.



Recent Comments