Attackers sling recent Flash 0day through 1800 domains

Some 1800 subdomains have been found slinging the Angler exploit kit using Adobe's most recent Flash zero day exploit, Cisco researcher Nick Biasini says. The lion's share of nasty subdomains were set up on 28 and 29 January and tied to about 50 GoDaddy registrant accounts. Biasini said the malvertising attacks used several …

  1. TechnoTechno

    Can't die quick enough

    Totally unnecessary in this day and age. Buggy, slow, and security nightmare.

    1. Anonymous Coward
      Anonymous Coward

      Re: Can't die quick enough

      Tell VMware, which built vSphere management on it.... one of the silliest choices they could make.

      1. phuzz Silver badge
        Facepalm

        Re: Can't die quick enough

        Silliest choice? I beg to differ, they could have used Java.

        1. Anonymous Coward
          Anonymous Coward

          Re: Can't die quick enough

          I wrote *one* of the silliest choices - of course Java would have been another, although there's a lot of Java in vSphere too. Never encountered the bug that it doesn't accept passwords with spaces or many other special characters? That's because some operations go through shell scripts that invoke Java code, and if you happen to use some characters that one of them interprets in the wrong way (because of course they are not properly handled...) you may end up with a crippled system...

  2. Electron Shepherd

    The Good Work Starts Here?

    Maybe El Reg should take the lead, and stop using it themselves, and ban any advertiser on here who uses it?

    I have Flash installed (for iPlayer), but configured as "click to play" for all sites except bb.co.uk.

    Flicking through articles this morning, I've received at least one "this page wants to run Flash" message. As of now, I'm getting it on NASA: Give us $18.5bn and we'll take you to Europa and beyond, probably due to the embedded YouTube link. Maybe replace the embedded link with a static image and an anchor link to the YouTube page?

  3. thomas k.

    But ... but ...

    Hulu requires Flash! You want me to miss my shows?!

    Tired of all these exploit stories, I went ahead and uninstalled Flash, only to discover Hulu needed it. So I downloaded and installed it again, through IE, and Hulu worked again *in IE*. But it didn't work on Firefox (and neither of the 2 Flash Player add-ons worked, either) so I had to download and install it again, through Firefox, to get it to work on that, too. Very strange.

    1. phuzz Silver badge

      Re: But ... but ...

      There are two versions, an ActiveX one for IE, and a plugin version for Firefox (et al). Oh, and Chrome has its own version as well.

      In Firefox you can make flash click-to-play, so it'll only run when you want it to, although right now I can't remember how to enable that.

      1. Electron Shepherd

        Re: But ... but ...

        You can make it click to play on IE as well, and can whitelist selected sites to save the rodent from unnecessary wear and tear.

    2. Anonymous Coward
      Anonymous Coward

      Re: But ... but ...

      There are different standards for plugins with IE using one and Webkit browsers using another. So the Adobe installer sniffs the browser and supplies the version for that browser.

      Generally you need to install a plugin separately for each browser you use. Handy for testing what happens when a plugin is not available to a site.

  4. Anonymous Coward
    Anonymous Coward

    Flash is a problem, but we should also nuke some registrants.

    It's astonishing that GoDaddy & Co. can allow those kinds of registrations without any sensible check (just look at the names), just because they bring money and they don't want to kill the (illegal) golden egg chicken.

    They are knowingly helping criminal gangs to hit and hide, and make money from illegal sources.

    They should be fined for these activities.

    1. Electron Shepherd

      Re: Flash is a problem, but we should also nuke some registrants.

      But sub-domains aren't the responsibility of the registrar. coupons-today.info is a perfectly innocuous domain name. It's all the sub-domains that have the odd names, and those are just A records in a DNS server somewhere.

      1. Anonymous Coward
        Anonymous Coward

        Re: Flash is a problem, but we should also nuke some registrants.

        But of course registering 650 subdomains - probably within a short time - with random names doesn't raise any alarm within GoDaddy's SOC, right? Guess someone can attempt a DoS against GoDaddy DNSes by registering a huge number of subdomains.... without them noticing?

        1. Just Enough

          Re: Flash is a problem, but we should also nuke some registrants.

          You don't register subdomains with a registrar.

          And there are other perfectly legitimate reasons for having large numbers of subdomains with names that may appear random, but are in fact precise.
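The exchange above makes two points a defender can act on: a flood of subdomains is just A records in the zone operator's own DNS, invisible to the registrar, and random-looking labels are not by themselves proof of abuse. Below is an added example (not code from the article or from any commenter) of the kind of triage check a zone operator or passive-DNS analyst could run over their own records: it groups newly seen labels by parent domain, scores each label's character entropy, and flags zones where many high-entropy labels first appeared inside a short window. The record format, the sample names, the timestamps and the thresholds are all constructed assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed: (parent zone, subdomain label, first-seen ISO time).
# None of these names or times come from the article; .example is reserved.
SAMPLE = [
    # A burst of six random-looking labels in 25 minutes (the suspicious pattern).
    ("coupons-today.example", "qzkxv7p2", "2015-01-28T10:00:00"),
    ("coupons-today.example", "h3rtw8ma", "2015-01-28T10:05:00"),
    ("coupons-today.example", "n5ybcuj9", "2015-01-28T10:10:00"),
    ("coupons-today.example", "e2lfgk4x", "2015-01-28T10:15:00"),
    ("coupons-today.example", "s7mdpqw1", "2015-01-28T10:20:00"),
    ("coupons-today.example", "v4zrhn6c", "2015-01-28T10:25:00"),
    # Ordinary hostnames: low entropy, not counted at all.
    ("shop.example", "www", "2015-01-28T09:00:00"),
    ("shop.example", "mail", "2015-01-28T09:30:00"),
    # Random-looking labels, but one per week: no burst.
    ("cdn.example", "x9k2mqa7", "2015-01-01T00:00:00"),
    ("cdn.example", "b6wzr3ty", "2015-01-08T00:00:00"),
    ("cdn.example", "p1lhn8ud", "2015-01-15T00:00:00"),
    ("cdn.example", "k4vje9sb", "2015-01-22T00:00:00"),
    ("cdn.example", "m7cdx2fg", "2015-01-29T00:00:00"),
    # Hash-named deploy hosts created in ten minutes: legitimate, yet it
    # trips the same check, which is why the result is a triage list.
    ("assets.example", "a3f9c1e7", "2015-01-28T12:00:00"),
    ("assets.example", "b8d2e604", "2015-01-28T12:02:00"),
    ("assets.example", "c17f5a9b", "2015-01-28T12:04:00"),
    ("assets.example", "d4e8b2f6", "2015-01-28T12:06:00"),
    ("assets.example", "e91c3a7d", "2015-01-28T12:08:00"),
    ("assets.example", "f6b0d5c2", "2015-01-28T12:10:00"),
]


def shannon_entropy(label):
    """Bits per character of the label; 0.0 for an empty or single-character alphabet."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label.lower():
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def densest_window(times, window):
    """Largest number of (sorted) timestamps that fit inside any span of length `window`."""
    times = sorted(times)
    best, j = 0, 0
    for i in range(len(times)):
        # Advance the right edge while it stays within `window` of the left edge.
        while j < len(times) and times[j] - times[i] <= window:
            j += 1
        best = max(best, j - i)
    return best


def burst_zones(records, window=timedelta(hours=1), min_count=5, min_entropy=2.5):
    """Map zone -> number of random-looking labels in its densest first-seen window,
    for zones where that number reaches `min_count`. Thresholds are assumptions."""
    seen = defaultdict(list)
    for zone, label, first_seen in records:
        if shannon_entropy(label) >= min_entropy:
            seen[zone].append(datetime.fromisoformat(first_seen))
    flagged = {}
    for zone, times in seen.items():
        count = densest_window(times, window)
        if count >= min_count:
            flagged[zone] = count
    return flagged


if __name__ == "__main__":
    for zone, count in sorted(burst_zones(SAMPLE).items()):
        print(f"review {zone}: {count} random-looking labels first seen within one hour")
```

Run as a script it lists both coupons-today.example and assets.example, which is the caveat from the thread made concrete: a hash-named CDN rollout and an exploit-kit hosting burst produce the same signal, so the output is a queue for an analyst to check against change records and hosted content, not a verdict. The same grouping works on zone-file diffs, authoritative query logs or a passive-DNS export once the three fields are extracted.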

  5. Joe Drunk
    Flame

    Coupon-anything websites are all run by criminals

    How many of you spend hours per week cleaning 'coupon-printer' and related malware from unsuspecting punters' computers?

    1. Anonymous Coward
      Anonymous Coward

      Re: Coupon-anything websites are all run by criminals

      "How many of you spend hours per week cleaning 'coupon-printer' and related malware from unsuspecting punters' computers?"

      Coupon Printer is Adware, not Malware. Punters can remove it themselves via Add / Remove Program Files.

      1. Joe Drunk
        Mushroom

        Re: Coupon-anything websites are all run by criminals

        Coupon Printer is malware. It hijacks your search page with a BHO (CONDUIT) and although the worthless coupon printer software can be removed, the accompanying luggage cannot be removed by punters, requiring a personal visit from a boffin.

        I see you posted AC as you probably have a vested interest in Coupon Printer and related software.

        I repeat (non-anonymously), Coupon Printer is malware.

        PS. aren't you making enough money from the fake "Adobe flash player is out of date, click here to update" popups?

  6. Anonymous Coward
    Anonymous Coward

    National lottery

    requires Adobe Flash to play instant wins. What are the odds, etc........

  7. hayzoos

    Flash mess example

    My latest cleanup had Flash 9 on Win 7. Even the adware/malware was legitimately asking for a Flash update. Everything was out of date except for the adware/malware. After a thorough cleansing and removal of all old extras and updates of the necessaries and the requisite four score and seven reboots, the machine was sorta running like a well-oiled machine, mostly. One or more of the OEM semi-useful extras (that stuff somewhere between crapware and solitaire) was asking for Flash. Watching processes while multitasking didn't help find the culprit. A simple search for .swf files was far more fruitful. A screensaver and updater both had .swf files for their core functionality. Out they went. Turns out the printer driver package also has .swf files for the help. It stayed; nobody RTFMs anyway.

    The client isn't picking the machine up until Friday. I'm sure by Sunday I'll hear about something asking for flash. Ah, job security.
