More evil flash banner ads, this time they will hijack your clipboard.

More evil flash banner ads, this time they will hijack your clipboard.

It's been a while since we talked about banner ads being hijacked for malware spreading, sadly this does not mean that such banner tricks aren't around anymore. Here's a new twist - booby-trapped Flash banner ads can hijack your clipboard - feeding it a hard-to-delete (you must quit your browser) URL that points to a fake anti-virus program. If you are the type who copy-pastes a lot when you surf around the web, this will be super annoying.
Mac users, don't look smug - it affects us too. Apple forums has some discussions on it:

This has happened to me twice now, on two separate computers at work. My clipboard has been hijacked with this:
https:// ----evilsite-------
And once it's in the clipboard, I can't copy anything else over it until I've restarted the machine.
The System.setClipboard() method allows a SWF file to replace the contents of the clipboard with a plain-text string of characters. This poses no security risk. To protect against the risk posed by passwords and other sensitive data being cut or copied to clipboards, there is no corresponding “getClipboard” (read) method.


Right, except of course when people but evil URL's in your clipboard and trick you into visiting bad sites that way. Should we stop copy-pasting or will Adobe come to their senses and create a dialogue window warning that the clipboard is being used like they do when the Camera.get() or Microphone.get() are called?

In a related bad-viral outbreak, the website of popular magazine BusinessWeek has been attacked via SQL injection in an attempt to infect its readership with malware (this is not in the banners, but in the web pages). Worse, Help Net Security reports that "Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site." Clean it up already! Here's a demonstration video showing what happens.

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to AdLand.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.