Clipboards hijacked in web attack

The forum for general posting. Come join the madness. :)
Post Reply
Message
Author
User avatar
Bob Juch
Posts: 27071
Joined: Mon Oct 08, 2007 11:58 am
Location: Oro Valley, Arizona
Contact:
Contact Bob Juch

Clipboards hijacked in web attack

#1 Post by Bob Juch » Mon Aug 18, 2008 6:58 am

Computer security firms are warning about an attack that hijacks the clipboard where copied text is stored.

The attack puts a hard-to-delete weblink into the clipboard that, if followed, leads people to a website selling fake security software.

The code that inserts the link has been found in flash-based adverts seen on many legitimate websites.

The attack on the clipboard has hit both Windows and Mac users of the Firefox web browser.

Fake software

The attack has come to light as victims log reports in discussion forums of a weblink that appears in the clipboard in place of text they thought they had placed there.

It seems to work by exploiting Adobe Flash files used to make display adverts in such a way as to endlessly flush the clipboard of other text and constantly re-insert the malicious link in its place.

Getting rid of the link has proved problematic. Some report resorting to re-booting their machine to free themselves of it but others stopped it by killing the Firefox process thread.

"It's an interesting attack, but doesn't seem to be very widespread at the moment," said Mikko Hypponen, chief research officer at security firm F-Secure. "I don't remember seeing this before."

"It is a pretty clever technique," he said. "Our work would be so much easier if our enemy would be stupid."

Chris Boyd, director of malware research at Facetime Security, said he had been following the attack for several days.

Mr Boyd said he had seen many spam e-mails being sent out that had links to sites hosting the booby-trapped adverts.

"There's been quite a rash of rogue antivirus hijacks lately related to the fake CNN/MSNBC spam," he said.

Those following the link get taken to a page advertising a bogus anti-virus security program that erroneously tells people their machine is riddled with malicious software.
I may not have gone where I intended to go, but I think I have ended up where I needed to be.
- Douglas Adams (1952 - 2001)

Si fractum non sit, noli id reficere.

Teach a child to be polite and courteous in the home and, when he grows up, he'll never be able to drive in New Jersey.
Top
User avatar
ghostjmf
Posts: 7437
Joined: Tue Oct 09, 2007 11:09 am

#2 Post by ghostjmf » Mon Aug 18, 2008 4:59 pm

I in fact got that after visiting a particular site (don't remember using the clipboard, but who knows). As always, I killed the browser. It looks like its gone.

"Fake security" (YOU MUST INSTALL THIS NOW!!!!!) is one of the oldest web scams.
Top
User avatar
Estonut
Evil Genius
Posts: 10495
Joined: Sat Oct 13, 2007 1:16 am
Location: Garden Grove, CA

#3 Post by Estonut » Mon Aug 18, 2008 5:03 pm

ghostjmf wrote:I in fact got that after visiting a particular site (don't remember using the clipboard, but who knows).
As I understand it, you don't have to use the clipboard to get it. That's the target of the attack.
Top
Post Reply

Return to “WWTBAM Bored Posts”