Firefox and Safari users under cyber attack

18 Aug 2008

Windows and Mac users of the popular Firefox browser as well as users of the Apple Safari browser are being warned about a new cyber attack that targets the clipboard where copied text is stored.

After attacking the user’s clipboard, it then tries to spread poisonous links, which then stay in place even after the user copies new text. The only way to remove the programme is to reboot.

According to posts on discussion boards, the code that inserts the link to a seemingly harmless address has been found in flash-based adverts on many legitimate websites.

The attack works by exploiting Adobe Flash files used to make display adverts in such a way as to flush the clipboard of text and re-insert malicious text in its place. Those following the link get taken to a page advertising a bogus anti-virus security programme that tells them their machine is riddled with malicious software.

According to security analyst Chris Boyd of malware research firm Facetime Security, the attack has also been propagated via spam email with links to the rogue sites. “After a week or two of seeing CNN spam and then MSNBC, both of which allude to ‘breaking news stories’ in order to get people’s attention, it seems those behind these attacks are now sending out plain emails with none of the allusions to being from major news networks — they simply say ‘Breaking news’ in the title field,” Boyd said.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years