It's been a while since we talked about banner ads being hijacked to spread malware. Sadly, this does not mean that such banner tricks aren't around anymore. Here's a new twist: booby-trapped Flash banner ads can hijack your clipboard, feeding it a hard-to-delete (you must quit your browser) URL that points to a fake anti-virus program. If you are the type who copy-pastes a lot when you surf around the web, this will be super annoying.
This has happened to me twice now, on two separate computers at work. My clipboard has been hijacked with this:
And once it's in the clipboard, I can't copy anything else over it until I've restarted the machine.
It's easy to use Flash with ActionScript code to load a malicious URL into a target's clipboard, says security researcher Aviv Raff, who demonstrates it here (non-evil URL, but at that link he will show you the clipboard hijack). Flash has a method you can use called System.setClipboard(); I have no idea what that was originally intended for. The Flash documentation reads:
The System.setClipboard() method allows a SWF file to replace the contents of the clipboard with a plain-text string of characters. This poses no security risk. To protect against the risk posed by passwords and other sensitive data being cut or copied to clipboards, there is no corresponding “getClipboard” (read) method.
Right, except of course when people put evil URLs in your clipboard and trick you into visiting bad sites that way. Should we stop copy-pasting, or will Adobe come to their senses and create a dialog window warning that the clipboard is being used, like they do when Camera.get() or Microphone.get() is called?
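For anyone vetting banner creatives before they are served, one quick triage step is to look for the clipboard-write method name inside the SWF itself. The script below is an added example, not from the original post; its helper names and sample bytes are constructed, it handles only FWS and zlib-compressed CWS files, and the name match is a heuristic that an obfuscated movie can evade.

```python
import struct
import zlib

# Method name to flag: the clipboard write call described in the post.
# Matching on the bare name covers System.setClipboard in AS2 and AS3.
SUSPECT_NAMES = (b"setClipboard",)


def swf_body(data: bytes) -> bytes:
    """Return the uncompressed SWF body (everything after the 8-byte header)."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF file")
    sig = data[:3]
    declared_len = struct.unpack("<I", data[4:8])[0]  # total uncompressed size
    if sig == b"FWS":  # uncompressed movie
        return data[8:]
    if sig == b"CWS":  # zlib-compressed body
        # Cap output at the declared size to blunt decompression bombs.
        limit = max(declared_len - 8, 1)
        return zlib.decompressobj().decompress(data[8:], limit)
    raise ValueError(f"unsupported SWF signature {sig!r}")


def find_clipboard_writes(data: bytes) -> list:
    """Return (name, offset-in-body) for every suspect method name found."""
    body = swf_body(data)
    hits = []
    for name in SUSPECT_NAMES:
        pos = body.find(name)
        while pos != -1:
            hits.append((name.decode(), pos))
            pos = body.find(name, pos + 1)
    return hits


def make_sample(payload: bytes, compressed: bool) -> bytes:
    """Constructed input: a SWF header plus raw body bytes (not a playable movie)."""
    length = struct.pack("<I", 8 + len(payload))
    if compressed:
        return b"CWS" + bytes([9]) + length + zlib.compress(payload)
    return b"FWS" + bytes([9]) + length + payload


if __name__ == "__main__":
    banner = make_sample(b"\x00System\x00setClipboard\x00", compressed=True)
    print(find_clipboard_writes(banner))
```

A hit only means the movie references the method, so flagged files still need a manual look at what string is being written.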
In a related bad-viral outbreak, the website of popular magazine BusinessWeek has been attacked via SQL injection in an attempt to infect its readership with malware (this is not in the banners, but in the web pages). Worse, Help Net Security reports that "Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site." Clean it up already! Here's a demonstration video showing what happens.
So what can you, dear end user, do? Reject all Flash-based banner ads (which will mean that you'll miss out on those cool Apple banner ads), either by rejecting Flash outright or by using ad-blocking plugins.