Flash ad that hijacks your clipboard
You’ve got to give ‘em a point or two for creativity, anyway … malware authors have found a way to get a minor malware exploit into non-Windows systems. They found some bad code in Adobe Flash and put it to work.
They use the Flash banner ads to put a URL (which I won’t list here) into your clipboard which claims to check your computer for viruses and other malware. If you go to that website, it requests permission to install a program that checks for malware, then if you click “Cancel,” it switches to a page that appears to use something called “Antivirus 2009 Web Scanner” to look for malware on your PC. It also claims to find it, of course. Then it presents an XP-style dialog box which offers you buttons to remove the spyware or ignore the problem; whether you click the “ignore button” or the “remove all button” (neither are buttons; it’s just a web graphic) it tries to install its “antivirus” program (which is a Windows executable). I rather suspect that they’re not actually trying to install an antivirus program, but instead something more insidious.
If you’re running Windows XP’s default interface, it looks really scary. If you’re running Vista, have changed XP’s window widgets or don’t use Windows at all (Linux, one of the various BSD flavors, OpenSolaris or Mac OS X) … well, it just looks out of place. I rather suspect that my Ubuntu system doesn’t have Spyware.IEMonster.b, Zlob.PornAdvertiser.Xplisit or Trojan.InfoStealer.Banker.s (assuming any of those actually exist) floating around on it.
The Flash clipboard exploit takes control of your clipboard as long as the browser window/tab is open. Copy or cut something else and the exploit re-inserts that address. The only way to stop it is to close the window.
Adobe Flash ads launching clipboard hijack attack
Related thread from Ubuntu Forums
