The critical security flaw in in Adobe Flash Player was uncovered after hackers targeted visitors to a number of different foreign and economic policy websites dealing with matters of US national security.
Researchers at FireEye identified the new Flash vulnerability being exploited on February 13th, as computer users visiting the Peter G. Peterson Institute for International Economics were invisibly redirected to an exploit server hosting the zero-day exploit.
The security firm later discovered that the websites of the American Research Center in Egypt and the Smith Richardson Foundation (SRF) were also redirecting visitors to the malicious web server. At the time of writing, the SRF website says it is – perhaps unsurprisingly – down for maintenance.
Anyone who has visited these websites in recent weeks is at a high risk of having had their computers infected, and the potential for data on their PCs to have been stolen.
And, because of the nature of the types of people attracted to such sites, you have to consider that any information exfiltrated from the infected computers could be of interest to foreign states gathering intelligence.
FireEye, which has bizarrely named the attack “Operation GreedyWonk”, paints a picture of a co-ordinated campaign designed to exploit websites related to national defence and security and compromise the computers of their visitors.
This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.
This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.
Researchers say that currently the Adobe Flash exploit has been used to target computers running Windows XP, Windows 7 and Java 1.6, Windows 7 and unpatched versions of Microsoft Office 2007 or 2010. Although updating your versions of Office or Java might mitigate this particular threat (and I’ve talked a lot about moving away from Windows XP in the past), there’s nothing to stop cybercriminals exploiting the Flash flaw to serve up other attacks.
So the best solution is to patch Flash, and close the vulnerability forever.
Adobe has issued a security advisory for Windows, Mac and Linux users of Flash Player to upgrade to the latest version – 220.127.116.11.
If your installation of Adobe Flash does not update automatically, you can download the security update from the Adobe Flash Player Download Center.
In addition to the Adobe Flash updates, Adobe Air users are also being told to update their systems with new versions for Android, Windows and Mac. It would also make sense, if you are a user of Office 2007, Office 2010 or Java to make sure you are running the latest versions of those software products as well.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.