Adobe Flash Player vulnerability being exploited on massive scale, says Symantec

Data CBR Staff Writer

10:11, May 30 2014

90% of victims are from Japan

Internet users in Japan are the biggest targets for cybercriminals exploiting the Adobe Flash Player Buffer Overflow Vulnerability, said Symantec.

The attacks which were originally in watering-hole in April, have increased to a massive scale with 94% taking place in Japan, and 4% in the US.

The attacks are being carried out through legitimate websites, where a malicious code is hosted to redirect traffic to the attacker's website, said Symantec.

Travel agency site, blog service and video sharing service are among the Japanese sites that have been compromised so far.

Symantec's blog post said, "Once the browsers are redirected to the malicious site, which has the IP address, they render the exploit code that attempts to exploit CVE-2014-0515.

"If an older version of the software is installed on the computer, the attack will execute a series of malicious files to compromise the computer with the malware Infostealer.Bankeiya.B, which steals banking information from users."

The Trojan targets information made available by users in their online banking transactions.

Adobe released an emergency security patch in April after Kaspersky Lab discovered that a bug related to Flash compromised, a Syrian Justice Ministry website. The vulnerabilities in its Shockwave Player were fixed earlier this year.

In October 2013, 38 million Adobe customers fell victims to data breach. Hackers accessed Adobe users' names, credit and debit card numbers and expiration dates.

get a cbr Cyber Security weekly update

Terms & Conditions & Privacy Policy.


Post a comment

Comments may be moderated for spam, obscenities or defamation.