back to article Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches. The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines. The two above- …

  1. Semtex451

    Good thing there's no Flash at El Reg, apart from Dabbs in a trenchcoat

    1. allthecoolshortnamesweretaken

      Is he relly that fast? Impressive.

  2. Adam 52 Silver badge

    "Stupid folk"

    Not really now is it? Plenty of very smart people have better things to do than be a slave to Adobe's patch cycles and enabling auto-update isn't viable if you care at all about privacy, Microsoft, Oracle and Google have killed that option. As I've said before, the IT industry needs to grow up and stop blaming users for developer cock ups - from Adobe to websites that use Flash to local sysadmins.

    1. Robert Helpmann??

      Re: "Stupid folk"

      On the other hand, one might look at the issue in terms of "Fool me once, shame on you. Fool me some ridiculous number of times, well then I'm stoopid." It's not that consumers and customers should be blamed for flaws in the software, but it's no secret that they exist and when left un-patched will cause problems not only for the owner of the infected machine, but for everyone else as well.

      As far as privacy versus patching, it is doubtful that disabling automatic patches will slow a government or corporate entity from getting as much information concerning you as they wish, but it will definitely put you at risk from malware. Alternately, just delete the damn software and do without or use something else up to and including a different OS.

      1. NotBob

        Re: "Stupid folk"

        Might I introduce you to Windows, an OS that some programs require?

        Might I introduce you to cryptic updates that you may need or which may screw you over with a major OS change?

        Might I introduce you to the masses with neither the time, ability, nor inclination to tell the updates apart?

        1. Anonymous Coward
          Anonymous Coward

          Re: "Stupid folk"

          Then may I introduce you to the handbasket. If you're dependent on such a problematic OS, then you're basically doomed to go one direction: straight down.

  3. Semtex451

    Hang on someone recently told me that flash was dead.

    Oh wait, it was my Mum, talking about someone called Flash Harry.

    Now I'm thinking of legs.... can we have more of Dabbsy's Videos before the thought Police arrive?

    I have my coat but where's me jumper?

    Anyone, where's me jumper?

    1. Vic
      Thumb Up

      Hang on someone recently told me that flash was dead.

      Flash is very much alive. Long may that continue...


  4. ZSn


    But how vulnerable are you if you don't actually have flash on your system? If you keep patched and no flash? Do they use zero days or does just keeping on top of things stop them?

    On a somewhat related note - the flash on windows 10 is that written by Microsoft. Does it suffer from the same flaws or had Microsoft introduced some of their own?

    1. Charles 9

      Re: vulnerable

      You can avoid Flash vulnerabilities by not using Flash, but many people don't have that option, requiring flash in their everyday activities. And yes, if they want to infect people badly enough and they can acquire one (this can be tough; usually it's states and other powerful agencies that hoard them), they MIGHT use a zero-day vulnerability.

      As for Windows 10, that's still done by Adobe IIRC. The only company helping Adobe with Flash is Google, and only in regards to Linux and Chrome.

  5. macjules

    Flash bash party nausea

    It strikes me that if you are going to hold a Flash bash party these days then you might as well book the room for a weekly event.

  6. arctic_haze

    Frends don't let friends install Flash

    Every month there are less and less reasons to have this Hacker's Delight installed.

    1. Charles 9

      Re: Frends don't let friends install Flash

      But the few that remain become that much more difficult to deal with. What do you do when your very-expensive enterprise system requires Flash to control it? Switching it out is not an option due to the accountants, who tend to be able to trump the security team (after all, accountants can influence the IT budget).

      1. Andy A

        Re: Frends don't let friends install Flash

        ... and then there are the websites which REQUIRE flash for no reason. BBC iPlayer, for example, uses flash to stream video. Reasonable enough. But if you want to download a programme to view in the offline player (which, thankfully, doesn't rely on flash), the "download" button is removed unless flash is enabled in the browser.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like