Thursday, May 14, 2009

Malicious links or pop-up

Malicious Site: http://61.164.108.35/a/iqq.html
Someone submitted this malicious link "http://jjxp22.cn/a/iqq.html" to me. It seems to be a pop-up or hidden link from some compromised sites.

It contains obfuscated JavaScript that embeds a malicious Shockwave Flash file, which exploits the integer overflow vulnerability in Adobe Flash Player 9.0.115.0 and earlier (CVE-2007-0071), allowing remote attackers to execute arbitrary code.

Info for one of the sample Flash files
#######################

Filename: i16.swf
Size: 17897
MD5: 426969FD0D7324EE170D6F46BDB203B6
Virus Found: Bloodhound.Exploit.193 (Symantec)

On the VirusTotal website, 13 out of 39 AV engines detected it.

For more details of my finding, visit W01f Labs

w01f advice: Patch your Shockwave Flash Player and be careful with suspicious and hidden links.

You can check your Flash Player version by going to this website or to the link below -
http://www.adobe.com/software/flash/about/
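
To check many machines at once, the comparison against the affected range named above (9.0.115.0 and earlier) can be scripted. The Python below is an added example, not part of the original post; the three version-string formats it accepts and the host inventory are assumptions constructed for illustration.

```python
import re

# Highest affected release as stated in the post for CVE-2007-0071.
LAST_AFFECTED = (9, 0, 115, 0)

def parse_flash_version(text):
    """Return (major, minor, revision, build) or None if no version is found."""
    text = text.strip()
    # Plugin description style (assumed format): "Shockwave Flash 9.0 r115"
    m = re.search(r"(\d+)\.(\d+)\s+r(\d+)", text)
    if m:
        return tuple(int(g) for g in m.groups()) + (0,)
    # Dotted or comma style (assumed formats): "9.0.115.0", "WIN 9,0,115,0"
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)(?:[.,](\d+))?", text)
    if m:
        return tuple(int(g or 0) for g in m.groups())
    return None

def is_affected(text):
    """True or False for a parsed version; None means it needs a manual look."""
    version = parse_flash_version(text)
    if version is None:
        return None
    # Tuples compare component by component, so 9.0.47.0 < 9.0.115.0 < 10.0.0.0.
    return version <= LAST_AFFECTED

def audit(inventory):
    """Map each host to 'affected', 'ok' or 'unknown'."""
    labels = {True: "affected", False: "ok", None: "unknown"}
    return {host: labels[is_affected(raw)] for host, raw in inventory.items()}

# Constructed sample inventory (host names and version strings are made up).
SAMPLE_INVENTORY = {
    "desk-01": "WIN 9,0,115,0",
    "desk-02": "Shockwave Flash 9.0 r47",
    "desk-03": "10.0.22.87",
    "desk-04": "WIN 9,0,124,0",
    "desk-05": "plugin not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned a string with no recognizable version and should be checked by hand.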

