A recent vulnerability in the latest Adobe Flash version lead to a massive attack. More than 220000 pages on the Internet have been hacked most likely with an automated tool using a SQL injection attack. Those pages, some of well respected companies such as Nokia but also many non-profit organizations and town websites, redirect the user to websites that host the exploits for the Flash vulnerability.
If the system meets the requirements the exploit is used to download and execute trojans that steal information and droppers that download additional trojans. Information that are stolen are for example World of Warcraft account information while the droppers download files that add the computer to a botnet. (according to Trendmicro)
Most antivirus companies have already updated their software to disable the possibility that this exploit can be used on the computer the software is running on. Your best bet if you do not use antivirus software is to either disable Flash for now or use an extension like NoScript to block Flash on every domain but trusted ones.
Related posts:
- New Information about latest Flash Vulnerability
- Adobe Reader Security Vulnerabilities
- Mozilla Checks Flash Version After Firefox Updates
- Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability
- Adobe Fixes Critical Shockwave Vulnerability
- Latest Firefox Web Browser Vulnerable to 0-Day Exploit
- Firefox Spyware Add-On Adobe Flash Player 0.2
- Adobe Flash Player Clickjacking Vulnerability
I recommend flashblock :) it just targets flash
I recommend Firefox with noscript, it blocks all scripts from running, not just flash.
It’s actually not one but two latest versions
Adobe Flash Player 9.0.124.0
Adobe Flash Player 9.0.115.0
http://www.securityfocus.com/bid/29386/info