Turn Off Flash To Avoid 'Malvertising' Attacks

Financial scammers are infecting ads on Google's ad network, and people who visit Examiner.com are at risk. These infected ads look legit, but they use Flash-based redirection to install malware and steal financial information. And you don't even have to click on them to get infected with Zbot, the banking trojan that takes financial data.

You just have to visit the page and have Flash enabled. (Update: Looks like it's Cryptowall, a ransomware that encrypts files and then only decrypts them if you pay up.)

Malwarebytes discovered this most recent version of the scheme, which also affected other popular websites that use Google's DoubleClick ad network subsidiary earlier this month.

This is a good time to remind you to disable Flash. This recent spate of attacks makes it clear that it's too easy to exploit (this'll also give you the added benefit of saving battery on your laptop).

Disabling Flash is not hard. For Chrome, go to Settings and click on Show Advanced Settings. Then click Content Settings under the Privacy tab. A pop-up window will appear. Under Plug-ins, choose Click to Play.

If you use Firefox, I recommend installing an add-on called FlashDisable that makes it easy to turn it on when you want to watch a YouTube video and turn it off when you're just browsing around. Flashblock works, too.

If you are using Safari or Internet Explorer, I am confused by your life choices. But whatever you use, don't allow Flash to automatically play everything in your browser. Malwarebytes' senior security researcher Jerome Segura suggested that this kind of attack is likely to continue. "The lines between malvertising and exploit kits are getting blurry," he said. And with Flash as the delivery tool for those exploit kits, it's well worth taking the time to change your settings.

Picture: Malwarebytes


Comments

    Isn't it time they just killed Flash..?

      It's still the only way to get live streaming video, and video compatibility and for more secure video transfer. Once you can eliminate the need for that, which going by how long it took for native video in browsers and they still screwed it up, it'll be another 20 years before Flash can be eliminated.

      They should neuter it though, strip out anything not related to video playing.

        Agreed! Video playing is the prime feature and what it still does way better than shitty html5, but the other stuff needs to go.

    Pity Kate is too busy making snide jabs at IE and Safari to provide useful information to users of those browsers.

    In IE you can actually use the handy Active X filtering option, go to your settings dropdown, click Safety and then choose Active X Filtering. For a more complete block you can 'Manage Add-Ons' and disable Shockwave Flash altogether.

      Yep. You can also use the Adblock Easylist with Internet Explorer's built-in Tracking Protection http://www.iegallery.com/en-au/trackingprotectionlists
