Panda Security warns its laboratory has detected that crackers have found and are exploiting a new vulnerability in Adobe Flash to distribute malware.
Jeremy Matthews, head of Panda Security`s sub-Saharan operations, says cyber-crooks are distributing .swf files (the Flash extension) crafted to exploit the new vulnerability in Adobe Flash in two different ways.
"In some cases, when a user visits a Web page containing one of these modified files, the browser will interpret code within the file as a command to download a certain type of malware. In other cases, the code included in the Flash file redirects the user to a malicious Web page designed to launch new attacks against the system and to drop malware on the computer," he cautions.
"The maliciously-crafted Flash file could come in the form of a novelty animation which users have to run or it could be an image which is loaded directly on opening the Web page. This way, users would not suspect the infection, as the Web page could appear to be completely legitimate," he says.
"Interestingly, the creators have designed codes to affect different browsers. PandaLabs has already detected the distribution of the Wow.UB Trojan using this method, although the range of malicious code distributed in this way could increase over the next few hours.
"The fact that the vulnerability can be exploited regardless of the browser used, allows cyber-crooks to infect a greater number of users," says Matthews.
PandaLabs advises users not to run suspicious .swf files, and to be on the lookout for updates published by Adobe to resolve this security problem.
Related stories:
Comcast threatened by teenage hackers
Track phishing real-time
UCT to measure cybercrime
Share