Thursday, 25 June 2015

New Flash Player Flaw Attacked Through The Link In Emails

A critical vulnerability exists in Adobe Flash Player which yesterday an emergency patch released was attacked from links in emails. That informs the American security company FireEye that the zero-day vulnerability discovered and reported to Adobe.

A China-based group, according to FireEye behind the attack. The attacks were aimed at companies and organizations in different sectors, such as aerospace, defense, telecom, engineering and transport. The targets were emails sent with a link.Remarkably, there is no targeted emails were used, but messages that seemed almost on spam. "Save between $ 200-450 by purchasing an Apple Certified Refurbished iMac through this link. Refurbished iMacs come with the same one-year extendable warranty as new iMacs. Supplies are limited, but updated frequently. Do not hesitate...> Go to Sale , "the text in the message.

The link in the email pointed to a compromised server where the target was profiled via JavaScript. Once the victim was determined downloaded a malicious SWF and FLV file. Eventually this led to the installation of a backdoor. Through this backdoor received the attackers access to the system and the network of the organization was infiltrated. In announcing the emergency patch let Adobe know that IE users on Windows 7 and older and Firefox users on Windows XP were the target of the attack.

No comments:

Post a Comment