A new vulnerability in Adobe Flash is being used to distribute malware.
This is according to PandaLabs, which warns that cyber-crooks are distributing .swf files (the Flash extension) crafted to exploit the new vulnerability in Adobe Flash in two different ways.
In some cases, when a user visits a webpage containing one of these modified files, the browser will interpret code within the file as a command to download a certain type of malware.
In other cases, the code included in the Flash file redirects the user to a malicious webpage designed to launch new attacks against the system and to drop malware on the computer.
“The maliciously-crafted Flash file could come in the form of a novelty animation which users have to run or it could be an image which is loaded directly on opening the Web page. This way, users would not suspect the infection, as the webpage could appear to be completely legitimate,” says Jeremy Matthews, head of Panda Security’s sub-Saharan operations.
The creators have designed codes to affect different browsers. PandaLabs has already detected the distribution of Wow.UB Trojan using this method, although the range of malicious code distributed in this way could increase over the next few hours.
“The fact that the vulnerability can be exploited regardless of the browser used, allows cyber-crooks to infect a greater number of users,” says Matthews.