Malvertising Through Adobe Flash Zero-Day Exploit

Last week, a new vulnerability found in Adobe Flash has been exploited for the use of a malvertising campaign. This exploit, discovered by Trend Micro: A security software company, redirected users from dailymotion.com to a malicious website through the use of malvertising (CVE-2015-0313).

Malvertising is the process in which malware is delivered to a computer by injecting it into an advertisement which is then distributed by third-party advertisers. This can be dangerous since both the site owner and the visitors don’t really have means to determine which advertisements are shown. Trend Micro stated that it is likely that this exploit could have been used on other websites other than Dailymotion as the infection is triggered through the advertising platform rather than through Dailymotion itself.

Because Flash is such a common software, the possibility of a large amount of computers becoming infected was high. Thankfully this exploit was patched within a matter of days and only some 3,000 computers were redirected to the malicious site.

-Jacob Johncox

Sources:

http://www.darkreading.com/new-adobe-flash-0-day-used-in-malvertising-campaign/d/d-id/1318900?

http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/

Advertisements