More evil flash banner ads, this time they will hijack your clipboard.
It's been a while since we talked about banner ads being hijacked for malware spreading, sadly this does not mean that such banner tricks aren't around anymore. Here's a new twist - booby-trapped Flash banner ads can hijack your clipboard - feeding it a hard-to-delete (you must quit your browser) URL that points to a fake anti-virus program. If you are the type who copy-pastes a lot when you surf around the web, this will be super annoying.
Mac users, don't look smug - it affects us too. Apple forums has some discussions on it:
This has happened to me twice now, on two separate computers at work. My clipboard has been hijacked with this:
And once it's in the clipboard, I can't copy anything else over it until I've restarted the machine.
It's easy to use Flash with ActionScript code to load a malicious URL into a target clipboard says security researched Avid Raff and demonstrates it here (non-evil URL but at that link he will show you the clipboard hijack). See there is a snippet in Flash that you may use called
System.setClipboard(), I have no idea what that was originally intended for. Flash documentation reads:
System.setClipboard()method allows a SWF file to replace the contents of the clipboard with a plain-text string of characters. This poses no security risk. To protect against the risk posed by passwords and other sensitive data being cut or copied to clipboards, there is no corresponding “getClipboard” (read) method.
Right, except of course when people but evil URL's in your clipboard and trick you into visiting bad sites that way. Should we stop copy-pasting or will Adobe come to their senses and create a dialogue window warning that the clipboard is being used like they do when the
Microphone.get() are called?
In a related bad-viral outbreak, the website of popular magazine BusinessWeek has been attacked via SQL injection in an attempt to infect its readership with malware (this is not in the banners, but in the web pages). Worse, Help Net Security reports that "Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site." Clean it up already! Here's a demonstration video showing what happens.
So what can you dear end user do? Reject all flash based banner ads (which will mean that you'll miss out on those cool Apple banner ads) - either by rejecting flash outright or using ad-blocking plugins.
Previous Banner ad hijacking reports in Adland:
Banner hijacking still going strong - Adrants now victim to uplothario campaign.
Worst banner ad ever - system doctor takes over the browser
Hacking web banner networks sends banner ads from hated to feared
Please donate to keep adland alive. The Super Bowl Collection is the worlds one and only. It costs a minor fortune to keep up. If you love our efforts, please donate to keep the archive alive. You may also sponsor us with a large banner, advertise yourself as you help save our common advertising history.
Want to join adland?
Create an adgrunt account for 6 USD.
- צור קשר עם קוקה קולה ישראל
13 hours 8 min ago
- אני רוצה ששמי יהיה על בקבוק
19 hours 24 min ago
- Name Asaad
19 hours 27 min ago
- What, no pitchforks and
1 day 9 hours ago
- Worth it for your dream
1 day 9 hours ago
- I could care less about the
1 day 10 hours ago
- Okay, it may be hokey in some
1 day 23 hours ago
- What is the name of the song
4 days 21 hours ago
- With this card, they're
5 days 1 hour ago
- Haha as well as "Why is it?"
5 days 9 hours ago