There is a new type of malicious advertising doing the rounds, one that targets users of Windows, Mac, and Linux systems running IE, Firefox, and Safari. The attack, which was made public via a number of discussion boards, exploits a feature in Flash to put a plain-text string of characters on a user’s clipboard.
While the feature alone appears to pose no security risk at all, hackers are using it in tandem with Flash-based banner ads on legitimate sites to persistently overwrite the clipboard with a malicious URL – effectively hijacking the clipboard until the browser window is closed. This of course can lead some people to unknowingly spam the link, which points to a fake anti-virus product for sale.
Adobe says it is investigating potential solutions to this issue and has promised to update customers as soon as more information is available.