Adobe Flash flaw exploited by malware in Microsoft Excel files
Thursday, August 6, 2009
Security flaws that exist in Adobe Flash are being actively exploited by cybercriminals via maliciously crafted Microsoft Excel files, according to web security researchers at security firm Sophos.
Researchers last month discovered exploits of a Flash vulnerability that could infect PCs with Trojan malware upon opening a malicious Adobe Acrobat PDF file, which caused Adobe to rush a security updates for Flash Player, Acrobat and Reader.
Now Sophos says the malware authors have changed their approach with malware embedded in Microsoft Excel and Sophos expects to see exploits in PowerPoint and Word as well, the SophosLabs blog reported.
"It was only a matter of time before the [antivirus firms] caught up and started blocking suspicious PDFs and so the game has moved onto finding other compound files capable of embedding and invoking Flash objects," Sophos said in the blog.
Flash has also been exploited through malware in multimedia files embedded in websites, according to Paul Royal, principal researcher at Purewire, PCWorld reported.
Sophos recommended disabling Flash until the flaw is fixed and warns that users should never open attachments from unknown sources.
Related News:
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
Report: 'At least 34' firms attacked at the same time as Google - 1.15.2010
The Washington Post asserts that many U.S. companies were targeted in the same network security and email breach that affected Google and provoked the company's highly publicized spat with the Chinese government.
|
