In some cases, when a user visits a Web page containing one of these modified files, the browser will interpret code within the file as a command to download a certain type of malware. In other cases, the code included in the Flash file redirects the user (in the background) to a malicious Web page designed to launch new attacks against the system, and to drop malware on the computer.
Interestingly, the creators have designed codes to affect different browsers. PandaLabs has already detected the distribution of Wow.UB Trojan using this method, although the range of malicious code distributed in this way could increase over the next few hours.
"The maliciously-crafted Flash file could come in the form of a novelty animation which users have to run or it could be an image which is loaded directly on opening the Web page. This way, users would not suspect the infection, as the Web page could appear to be completely legitimate," says Luis Corrons, Technical Director of PandaLabs. "The fact that the vulnerability can be exploited regardless of the browser used, allows cyber-crooks to infect a greater number of users".
Users are advised not to run suspicious .swf files, and to be on the lookout for updates published by Adobe to resolve this security problem.
