McAfee warns about possible exploits

May 28, 2008 14:35 GMT  ·  By

Hackers and spammers seem to be working around the clock in trying to search for vulnerabilities in various applications. It appears that a recently discovered exploit tries to take advantage of an unpatched Adobe Flash vulnerability. According to a yesterday post on the McAfee Avert Labs, the security company has received a number of exploit samples from many sources spamming multiple domains.

McAfee took these submissions of samples very seriously and started to investigate on the matter. It seems that while browsing the sites that serve these SWF exploits McAfee found a connection leading to recently reported mass hacks. As with the early May reported attacks, infected sites reference an external script, which for this new Adobe Flash-related vulnerability seems to be an SWF file. Apparently this SWF file leads to another similar one named WIN 9,0,124,0i.swf (WIN 9,0,124,0i.swf). The file is currently off-line.

McAfee isn't able to confirm that this last SWF file is an attempt to exploit the above mentioned Adobe Flash vulnerability, but Symantec mentioned the same domain to serve the earlier exploit. Besides Symantec's discovery, SANS also mentions another domain and 2 presumed exploits, named WIN 6,0,79,0ff.swf (WIN 6,0,79,0ff.swf) and WIN 6,0,79,0ie.swf (WIN 6,0,79,0ie.swf), also off-line.

McAfee draws three conclusions from all of the above files. Apparently, different exploits are built for different versions of Adobe Flash, namely 9.0.124.0 and 6.0.79.0, which are rather old. Versions of the exploit are suspected to be either available or under development and they are expected to target other operating systems besides Microsoft's Windows. The last conclusion is that there are exploits especially designed for the two most used Internet browsing applications, namely Internet Explorer and Firefox.

At this moment there are no more details available about this security vulnerability, but McAfee promises to provide users with more information as the investigation moves along.