[MACEP] Clipboard hijacker running rampant?
Mark Petersen
map at mac.com
Thu Aug 21 16:03:05 PDT 2008
Hi All,
A friend, who has a Mac guru to help her with keeping her machine
running properly, just got this alert from him. Has anyone else
experienced this outrage?
Mark
++++++++++++++++++++++++++++++++++++
Latest weakness that can affect Macs detailed below. Don't be afraid,
just be aware. If you ever get a problem with your clipboard not
copying and pasting correctly, just restart your Mac to remove the
problem.
Michael
http://blogs.zdnet.com/security/?p=1733
Adobe Flash ads launching clipboard hijack attack
Posted by Ryan Naraine @ 2:52 pm
Malicious hackers are using booby-trapped Flash banner ads to hijack
clipboards for use in rogue security software attacks.
In the Web attacks, which target Mac, Windows and Linux users running
Firefox, IE and Safari, hackers are seizing control of the machine's
clipboard and using a hard-to-delete URL that points to a fake
anti-virus program.
According to victims on several Web forums, the attack is coming from
Adobe Flash-based advertising on legitimate sites - including
Newsweek, Digg and MSNBC.com.
Here is a Mac OS X user explaining the attack:
This has happened to me twice now, on two separate computers at work.
My clipboard has been hijacked with this:
[ malicious URL deleted ]
And once it's in the clipboard, I can't copy anything else over it
until I've restarted the machine.
I'm only going to websites that are directly linked off the main page
of digg.com, so they're not obscure, and I'm surfing in Firefox,
though the system-wide clipboard is getting taken over, so I can't
even copy something over that from a program like TextEdit.
The 5th post on this MSNBC.com forum shows what happens when a victim
is tricked into pasting - and spamming - the malicious link to help
spread the rogue security software.
Security researcher Aviv Raff has created a proof-of-concept demo
(http://raffon.net/research/flash/cb/test.html) to show how easy it
is to use Flash with ActionScript code to load (persistently) a
malicious URL into a target clipboard. (BEWARE: If you click on the
demo link, your clipboard is automatically hijacked and will only be
released if the browser window is closed).
Mark A. Petersen map at mac.com Portland, Oregon