Menu
Massive Flash exploit campaign directed at Japan seeks financial data

Massive Flash exploit campaign directed at Japan seeks financial data

Legitimate websites in Japan have been compromised to serve up malicious code, Symantec said

An Adobe Flash player vulnerability is being used in attacks on a massive scale against Web users, mostly in Japan, to collect online banking details, according to new research from Symantec.

On Monday and Tuesday, Symantec detected more than 14,000 attacks against Japanese Web users using the flaw, wrote Joji Hamada on the company's blog. Although attacks have been detected elsewhere, 94 percent of those Symantec has seen were directed at Japan.

Why Japanese users seem to be targeted the most is unclear. Hamada wrote that the attack code exploiting the Flash vulnerability has been planted on legitimate websites that have been hacked, including a travel agency, a blog service and a video-sharing service.

"The attacks are typically carried out through drive-by download and leverage compromised legitimate websites to host malicious code," he wrote. "The websites then redirect traffic to a malicious site prepared by the attacker."

Adobe patched the vulnerability (CVE-2014-0515) on April 28, which was detected by a Kaspersky Lab researcher in mid-April after it was being used in attacks.

Hundreds of millions of computers run Flash worldwide. Adobe has tried to make patching easier for its users by prompting them to update the program when it releases updates. But users must still download the patch, close their browser and apply the update. Attackers are hoping people don't bother and dismiss the prompt.

Hamada wrote unpatched computers that fall into the trap are delivered Infostealer.Bankeiya.B, which is malicious software that runs on Windows XP, Vista and 7 operating systems. It collects online banking credentials by monitoring activity in Chrome, Firefox and Internet Explorer.

"The malware can also update itself, enabling it to target more banks and add more capabilities in order to perform additional malicious actions," he wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitysymantecAdobe SystemsExploits / vulnerabilities

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments