Fresh zero-day found in Adobe Flash Player
Trend Micro warns against flaw being exploited for ad fraud
Trend Micro today warned of a recently discovered zero-day vulnerability in Adobe Flash that has already been exploited by cybercriminals.
The vulnerability can be found in the latest versions of Adobe Flash Player and Trend Micro said it was mainly being used to drop malware that defrauds ad networks by generating user clicks on adverts posted on a particular site. The network pays the owner of the website on a per-click basis, so the malware inflates the revenue return for the website owner at the expense of the ad network.
Attackers are using the Angler exploit kit, which uses fresh techniques to hide its activity. Trend Micro researchers who tracked recent victims of the Angler kit believe that most of the vulnerability's victims come from the US (84%) with the majority of the remainder coming from Australia (9%) and Taiwan (5%).
"Vulnerabilities are found all the time," said Christopher Budd, global threat communications manager, Trend Micro. "But usually vulnerabilities are fixed with a patch when they're found, before attackers can target them. As long as you keep your system up-to-date, you're protected against most vulnerabilities. What makes this situation serious is that researchers, including our TrendLabs researchers, have discovered that attackers found this vulnerability first and have been attacking it before a patch is available: this kind of situation is called a ‘zero-day' situation, because defenders have ‘zero days' to protect against attacks. This means even if you keep your system up-to-date, you're still at risk of attack until Adobe releases a patch."
The exploit currently targets the Flash Player plug-ins of Firefox and Internet Explorer, but Chrome is unaffected. Trend Micro recommends disabling the plug-in on affected systems or, if this is not possible, installing ad-blocking software or browser extensions.