Adobe Flash ads launching clipboard hijack attack

Discussion in 'other security issues & news' started by tlu, Aug 19, 2008.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,686
    Tried with updated NoScript and it did stop/block this POC.
    Not that FF is my first choice of browsers but it does seam to defend against this.
    Nothing else stops/blocks this o_O
     
  2. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    Sorry, but how to test. I get what you show in the screenshot, but can freely copy/paste/cut before closing the browser. (JS not enabled)
    Using Opera 9.52 on Ubuntu Linux. Maybe my urlfilter.ini file which contains
    a lot of ad blocking filters takes care of it, I don't know.
    There is also a flashblock for Opera here:- http://my.opera.com/Lex1/blog/flashblock-for-opera-9

    Have tried the above flashblock, seems to work fine.
     

    Attached Files:

    Last edited: Aug 21, 2008
  3. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,484
    Location:
    Philippines
    I just checked it again with NoScript. I does block this, when clicking the proof-of-concept demo provided in Adobe Flash ads launching clipboard hijack attack | Zero Day | ZDNet.com, nothing was transferred to my clipboard. That test flash object was blocked by NoScript.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    I am not sure what happened in ur case, it works on my system with Opera 9.51, exactly as I described.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    I suspect it can,t.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Hmmmm ... not the FF but NoScript or more precisely flash block defends against this.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Got it.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    SafeSpace failed too. I was thinking it might pass.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,730
    Location:
    U.S.A. (South)
    Sure it can, create a rule to BLOCK flash, game exploit over. Simple as that. I don't see much of a threat with all these new POC's being formed because it takes a forceful effort to bog down a PC altogether or get very far before today's security apps identify something and throw on the brakes.
     
  10. Dogbiscuit

    Dogbiscuit Guest

    Windows software restriction policy (LUA+SRP) does not stop the attack. Other software that blocks executables would also probably not block this as well, I gather.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Why bother to block flash with EQS. It can be blocked by browser itself. It,s not success of EQS.
     
  12. oldBear

    oldBear Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    37
    ClipGuru, a free clipboard manager from HTConsulting - http://clipguru.com - attempts to notify users of Windows clipboard hijacking. It does not prevent it from happening, just alerts if it does.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.