Adobe investigates clipboard heist

Share this article:
Updated Thursday, Aug. 21 at 2:13 p.m. EST

Adobe said on Tuesday night that it is investigating Flash-based banner advertisements being used to hijack the clipboard program on victim's PCs.

"Adobe is currently investigating potential solutions to this issue and will update customers as soon as we have more information to provide," the company said on its Adobe Product Security Incident Response Team blog.

The attack can occur when users surf to a legitimate website hosting a rogue Flash ad, only to have a malicious URL copied to their clipboard, security experts said. The victims are unable to remove this link, which points to a fake anti-virus product for sale, without killing processes or restarting their computers.

Exploits, first reported on message boards last month, affect all of the major browsers, including Internet Explorer, Safari and Firefox.

Users are advised to deactivate the Flash Player and ActionScript, the programming language of Flash.

Sandi Hardmeier, author of the Spyware Sucks blog, told SCMagazineUS.com on Tuesday that the NoScript add-on in Firefox does not work to prevent against the attack.

A potential alternative is the Flashblock plug-in.

But Giorgio Maone, an Italian software developer, disputed Hardmeier's claims. He told SCMagazineUS.com in an email on Wednesday that NoScript does protect against Flash-based attacks
when set in its default configuration.





Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.