HKCert
  

Adobe Flash Vulnerability being used by Ransomware in Malvertising

Release Date: 24 / 10 / 2014
Last Update: 24 / 10 / 2014
Risk Level:  


Security researchers at Proofpoint discovered CryptoWall 2.0 ransomware used malvertising# to infect the computers with outdated Adobe flash players running on Windows.

 

Without having to click on anything, visitors to the impacted websites which serve Adobe Flash enabled embedded advertisement may be stealthily infected with the ransomware which exploits the vulnerability of Adobe flash players (CVE-2014-0556). The impacted websites, including various service pages in the Yahoo, Match.com, and AOL domains, etc, potentially reaching as many as 3 million visitors per day. Similar to the behaviour of other ransomware, CryptoWall encrypts the files in the infected computers and demands the victims paying ransom in exchange of the encryption keys.

 

#What is Malverstising? 

Malvertising (from "malicious advertising") attacks use online advertising channels to infiltrate malware into the computers of unsuspecting users by embedding malicious code within advertisements on legitimate websites.

 

  • Denial of Service
  • Remote Code Execution
  • Adobe Flash Player 14.0.0.179 and prior running on Windows
  • Adobe Flash Player ESR 13.0.0.241 and prior running on Windows
 

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to a fixed version.