HAURI News

[Attention] Adobe Flash Player vulnerability
06/12/08
If you visit a webpage that contains SWF files exploiting an Adobe Flash Player vulnerability, malicious scripts or code will be downloaded and executed on your system.

This kind of malicious code is currently spreading fast. We therefore recommend updating Adobe Flash Player to the latest version (9.0.124.0).

[How to secure]
You can check your Adobe Flash Player version at the site below:

http://www.macromedia.com/software/flash/about/

Click "Player Download Center" on that page to download the latest version.

[Detailed Information]


1) How it spreads

If you visit a webpage that contains SWF files exploiting an Adobe Flash Player vulnerability, malicious scripts or code will be downloaded and executed on your system.

2) Analysis Information

The attack script code looks like this:


[Pic 1] w**.htm

When the SWF files "45**.swf" and "45**.swf" execute, they access the site www.wa******.cn ( 12*.**.***.35 ) to download malicious code.

Also, when "g*.htm" executes, it accesses the site www.al******.cn ( 12*.**.***.35 ) and then executes "we**.asp".


[Pic 2] g*.htm


[Pic 3] we**.htm

When "we**.asp" executes, "Ms*****.htm" executes next and the malicious code "http://www.wa*******.cn/o*.exe" is downloaded.

This "o*.exe" is the same malicious code as "a*.exe", and it changes the date of the infected system to the year 2000.


[Pic 4] Ms*****.htm

Moreover, it accesses the site www.ta*****.cn ( 22*.2**.2**.151 ) to get *.txt and downloads malicious code based on the contents of *.txt.

The malicious code downloaded from the harmful sites is replaced with variant viruses under the same file names, so symptoms vary even when the process names of the malicious code are the same.

HAURI Inc. is monitoring harmful sites such as those below, and periodically collecting samples and updating.

www.be********.org ( 22*.2**.2**.151 )
www.ti********.cn ( 22*.2**.2**.151 )


The sites below are related to the malicious code exploiting the Adobe Flash Player vulnerability.

As [Pic 5] and [Pic 6] show, many harmful sites are updated.


[Pic 5] Old_*.txt [Pic 6] New_*.txt

3) How to secure
You can check your Adobe Flash Player version at the site below:

http://www.macromedia.com/software/flash/about/

Click "Player Download Center" on that page to download the latest version.
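
The same version check can be run over an inventory of many machines. The following is an added example, not part of the original HAURI advisory: it compares reported Flash Player version strings numerically against the recommended 9.0.124.0, because a plain string comparison would rank 9.0.47.0 above 9.0.124.0. The host names, the sample versions and the two accepted string formats are assumptions.

```python
import re

# Minimum version recommended by the advisory.
FIXED = (9, 0, 124, 0)

# Accepts "9.0.115.0" and the comma form "WIN 9,0,115,0" (assumed formats).
_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_flash_version(text):
    """Return the version as a 4-tuple of ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(text, fixed=FIXED):
    """True when the reported version is older than `fixed`.

    An unparseable string also returns True, so the host is checked by
    hand instead of being silently treated as patched.
    """
    version = parse_flash_version(text)
    return version is None or version < fixed


def audit(inventory):
    """Map host -> reported version for every host that needs the update."""
    return {host: ver for host, ver in inventory.items() if needs_update(ver)}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "pc-01": "WIN 9,0,115,0",
    "pc-02": "9.0.124.0",
    "pc-03": "WIN 9,0,47,0",
    "pc-04": "10.0.12.36",
    "pc-05": "unknown",
}

if __name__ == "__main__":
    wanted = ".".join(map(str, FIXED))
    for host, ver in sorted(audit(SAMPLE).items()):
        print(f"{host}: {ver!r} is older than {wanted} or unreadable")
```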