Skip to main content

Flash hit by malware, again

Well someone likes punching a carcass, as Flash has been hit with another malware. According to security firm Trend Micro which first spotted the vulnerability, it can be abused by attackers to install software on a victim's computer.

The attack begins, as they usually do, with an email. The email, usually named something related to current news (“Syrian troops make gains as Putin defends air strikes” and “Israel launches airstrikes on targets in Gaza”), contains a link to a site where the Flash exploit is located. Once the unsuspecting victim clicks it, the malware is installed on their computer.

The malware was used in something Trend Micro calls Pawn Storm, a hacking attack targeting several foreign affairs ministries around the globe, which could explain why the emails contained titles relating to current events in the Middle East.

"It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year,” Trend Micro writes in a report.

The security firm has notified Adobe and are working with them to address the issue, it is said in the report.

Flash has been hit by so many attacks recently, that calls for its complete removal have been loud in multiple occasions. The first in the bunch was the late Apple CEO Steve Jobs, who said Flash was too much of a risk to be integrated into iOS. Google has also disabled auto-play on Flash scripts within its Chrome browser.