Currently, there are many reports of Adobe’s Flash Player being exploited by malicious Shockwave Flash (SWF) files hosted on websites. It was thought initially to be a zero-day threat – i.e. it may affect the current version of Flash (9.0.124.0), but there is now some uncertainty over this. Adobe is aware of the issue, but is yet to release a detailed report.
The attacks are linked with the recent mass SQL injection attacks, where some of the affected websites share the same domain names with this latest Flash attack. The folks at shadowserver.org have a list of the current domains and filenames being used.
Administrators should consider blocking these domains at the gateway. All users should ensure Flash Player is updated to the latest version here. Other things users can consider are:
- Run NoScript and or Flashblock in the browser (Firefox)
- Disable Flash in the Mange Add-Ons area of your browser
Some useful further information on this issue can be found at the following links:
Adobe Product Security Incident Response Team Blog
SANS Internet Storm Center
Dancho Danchev’s Blog
