Adobe Flash Player vulnerability being exploited on massive scale, says Symantec

by CBR Staff Writer | 30 May 2014

90% of victims are from Japan

Internet users in Japan are the biggest targets for cybercriminals exploiting the Adobe Flash Player Buffer Overflow Vulnerability, said Symantec.

The attacks, which were originally seen in watering-hole attacks in April, have increased to a massive scale, with 94% taking place in Japan and 4% in the US.

The attacks are being carried out through legitimate websites, where malicious code is hosted to redirect traffic to the attacker's website, said Symantec.

Travel agency site His-j.com, blog service jugem.jp and video sharing service pandora.tv are among the Japanese sites that have been compromised so far.

Symantec's blog post said, "Once the browsers are redirected to the malicious site, which has the IP address 1.234.35.42, they render the exploit code that attempts to exploit CVE-2014-0515.

"If an older version of the software is installed on the computer, the attack will execute a series of malicious files to compromise the computer with the malware Infostealer.Bankeiya.B, which steals banking information from users."

The Trojan targets information made available by users in their online banking transactions.

Adobe released an emergency security patch in April after Kaspersky Lab discovered that a bug related to Flash compromised jpic.gov.sy, a Syrian Justice Ministry website. The vulnerabilities in its Shockwave Player 12.0.7.148 were fixed earlier this year.

In October 2013, 38 million Adobe customers fell victim to a data breach. Hackers accessed Adobe users' names, credit and debit card numbers and expiration dates.
