[Ph4nt0m] [zz]Flash Player Exploit Update

Tue, 27 May 2008 19:32:14 -0700 

 

看来symantec也只是猜测,样本没拿到,下线了。中国人牛的!

 

Posted by Craig Schmugar

Here’s a quick update to the earlier post
<http://www.avertlabs.com/research/blog/index.php/2008/05/27/newsflash-flash
-player-blight/>  on a new unpatched Adobe Flash vulnerability.  Through
looking for sites serving these SWF exploits we’ve found a connection with
recent mass
<http://www.avertlabs.com/research/blog/index.php/2008/05/16/mass-hacks-like
ly-to-hang-around-for-a-while/>  hacks.  Hacked sites reference an external
script, just as they have for quite some time.  But, the external scripts
now reference an SWF file.  This SWF file references another SWF file named:
WIN%209,0,124,0i.swf (WIN 9,0,124,0i.swf), which seems to be off-line.
While we can not confirm this last SWF file attempts to exploit this new
vulnerability, Symantec mentioned the same domain serving the exploit
earlier.  SANS also mentions another domain, and 2 presumed exploits, named
WIN%206,0,79,0ff.swf (WIN 6,0,79,0ff.swf), and WIN%206,0,79,0ie.swf (WIN
6,0,79,0ie.swf) also off-line.  These file names suggest 3 things.

1) Different exploits are crafted to exploit different versions of Adobe
Flash, in this case 9,0,124,0 and 6,0,79,0.
2) Versions of the exploit may also exist, or be under development, to
target other operating systems, as the aforementioned file names begin with
WIN.
3) Exploits exist for both Internet Explorer and Firefox, as the file names
end in “i”, “ie”, or “ff”

Thus far we’ve identified 2 particular domains involved in mass hacks that
are also believed to have served these Flash exploits.  Combined, Google
yields approximately 250,000 page results when searching for those
references (ie. compromised sites that link to scripts that link to flash
exploits).

Again this threat is still under analysis, more details to follow.

 

 

[Ph4nt0m] <http://www.ph4nt0m.org/>  

[Ph4nt0m Security Team]

                   <http://blog.ph4nt0m.org/> [EMAIL PROTECTED]

          Email:  [EMAIL PROTECTED]

          PingMe:
<http://cn.pingme.messenger.yahoo.com/webchat/ajax_webchat.php?yid=hanqin_wu
hq&sig=9ae1bbb1ae99009d8859e88e899ab2d1c2a17724> 

          === V3ry G00d, V3ry Str0ng ===

          === Ultim4te H4cking ===

          === XPLOITZ ! ===

          === #_# ===

#If you brave,there is nothing you cannot achieve.#

 

 


--~--~---------~--~----~------------~-------~--~----~
 要向邮件组发送邮件,请发到 [email protected]
 要退订此邮件,请发邮件至 [EMAIL PROTECTED]
-~----------~----~----~----~------~----~------~--~---

<<inline: image001.gif>>

回复