Government Technology

Cyber Criminals Exploit Adobe Flash Vulnerability


May 29, 2008

A new vulnerability in Adobe Flash is being used to distribute malware. Cyber criminals are distributing .swf files (the Flash extension) crafted to exploit the new vulnerability in Adobe Flash in two different ways.

In some cases, when a user visits a Web page containing one of these modified files, the browser will interpret code within the file as a command to download a certain type of malware. In other cases, the code included in the Flash file redirects the user (in the background) to a malicious Web page designed to launch new attacks against the system, and to drop malware on the computer.

Interestingly, the creators have designed the code to affect different browsers. PandaLabs has already detected the distribution of the Wow.UB Trojan using this method, although the range of malicious code distributed in this way could increase over the next few hours.

"The maliciously-crafted Flash file could come in the form of a novelty animation which users have to run, or it could be an image which is loaded directly on opening the Web page. This way, users would not suspect the infection, as the Web page could appear to be completely legitimate," says Luis Corrons, Technical Director of PandaLabs. "The fact that the vulnerability can be exploited regardless of the browser used allows cyber-crooks to infect a greater number of users."

Users are advised not to run suspicious .swf files, and to be on the lookout for updates published by Adobe to resolve this security problem.



Comments

By Scott Armstrong on Mar 2, 2009

The Adobe vulnerability (CVE-2009-0658) affects Adobe Reader 9 and Acrobat 9, Adobe Reader 7 and 8, and Acrobat 7 and 8. Since there is a known vulnerability without the availability of a software patch, Gideon Technologies (www.gideontechnologies.com) recommends:

1. Notify end users of the potential for exploits, and to not open untrusted PDF documents.
2. Perform an immediate discovery scan to refresh the inventory of systems that will need to be scanned for this vulnerability, and to ensure desktop anti-virus products are installed and up-to-date.
3. Plan for a multi-step mitigation plan:
   - in order to minimize the vulnerability window, upgrade Adobe Reader versions 7 and 8, and Adobe Acrobat 7 and 8 as soon as possible.
   - plan for the pending Adobe 9 patch testing and upgrade.
   - plan for potential incident responses required if an exploit is detected before the planned upgrades are completed.

By Matt Rozen Matt on May 29, 2008

The solution to this potential exploit is available -- update to the latest version of Flash Player. www.adobe.com/go/getflashplayer

More information on this can be found at Adobe's Adobe Product Security Incident Response Team (PSIRT) blog: blogs.adobe.com/psirt/

Thanks,
Matt Rozen
Adobe Flash Player PR
