Adobe Flash Player vulnerability being exploited on massive scale, says Symantec


by CBR Staff Writer| 30 May 2014

90% of victims are from Japan

Internet users in Japan are the biggest targets for cybercriminals exploiting the Adobe Flash Player Buffer Overflow Vulnerability, said Symantec.

The attacks which were originally in watering-hole in April, have increased to a massive scale with 94% taking place in Japan, and 4% in the US.

The attacks are being carried out through legitimate websites, where a malicious code is hosted to redirect traffic to the attacker's website, said Symantec.

Travel agency site, blog service and video sharing service are among the Japanese sites that have been compromised so far.

Symantec's blog post said, "Once the browsers are redirected to the malicious site, which has the IP address, they render the exploit code that attempts to exploit CVE-2014-0515.

"If an older version of the software is installed on the computer, the attack will execute a series of malicious files to compromise the computer with the malware Infostealer.Bankeiya.B, which steals banking information from users."

The Trojan targets information made available by users in their online banking transactions.

Adobe released an emergency security patch in April after Kaspersky Lab discovered that a bug related to Flash compromised, a Syrian Justice Ministry website. The vulnerabilities in its Shockwave Player were fixed earlier this year.

In October 2013, 38 million Adobe customers fell victims to data breach. Hackers accessed Adobe users' names, credit and debit card numbers and expiration dates.

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

792 people like this.
2218 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.