
Flash Clipboard Hijacking Attack


It is being reported, for example at ZDNet, that a Flash clipboard hijacking attack is making the rounds. Malicious ads are injecting text into the clipboard via Flash, leaving users scratching their heads as the same URLs appear each time they try to copy and paste text. No matter what is copied, the same URL gets pasted, because the Flash attack rewrites the clipboard constantly. These URLs lead to sites that, in turn, attempt to install malicious software, most of which affects Windows computers.

Reports show that the attack comes from Flash-based advertising on a number of legitimate sites, such as Newsweek, Digg and MSNBC.com. There is no visible sign of the attack until a user attempts to paste text.

There’s an easy way to get rid of this attack, though: just close the browser window or tab that contains the malicious Flash ad, or, if you can’t figure out which window is guilty, quit the browser. Then, copy something to the clipboard to replace what had been injected there by the malicious ad.

If you want to see this in action, security researcher Aviv Raff has set up a web page showing how it works: click this link. Try to paste some text after visiting that link; you’ll see that your clipboard contains the text “http://www.evil.com”. Next, close the tab, copy some text to the clipboard, then paste; you’ll see the URL is gone.
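The symptom described above (whatever you copy, the same URL comes back) can be checked mechanically. The following is an added example, not code from the original post or from Aviv Raff's demo page: it scans a log of clipboard observations and reports a URL that has replaced more than one thing the user copied. The event format, the names and the threshold are assumptions, and the sample logs are constructed.

```python
import re
from dataclasses import dataclass

URL_RE = re.compile(r"^https?://\S+$", re.IGNORECASE)

@dataclass
class Event:
    kind: str  # "copy": the user copied this text; "poll": clipboard read back later
    text: str

def find_hijack(events, min_overwrites=2):
    """Return the URL that keeps replacing what the user copied, or None.

    A poll counts as an overwrite when it shows a URL that differs from the
    most recent user copy. The same URL must overwrite at least
    `min_overwrites` different copies, so a single legitimate clipboard
    change by another program is not reported.
    """
    last_copy = None
    copy_index = -1
    overwritten = {}  # url -> indexes of the user copies it replaced
    for ev in events:
        if ev.kind == "copy":
            last_copy = ev.text
            copy_index += 1
        elif ev.kind == "poll" and last_copy is not None:
            if ev.text != last_copy and URL_RE.match(ev.text):
                overwritten.setdefault(ev.text, set()).add(copy_index)
    for url, copies in overwritten.items():
        if len(copies) >= min_overwrites:
            return url
    return None

# Constructed sample: the tab with the malicious ad is still open.
TAB_OPEN = [
    Event("copy", "meeting notes"),
    Event("poll", "http://www.evil.com"),
    Event("copy", "555-0100"),
    Event("poll", "http://www.evil.com"),
    Event("poll", "http://www.evil.com"),
]

# Constructed sample: the tab was closed and the user copied again.
TAB_CLOSED = [
    Event("copy", "hello"),
    Event("poll", "hello"),
    Event("copy", "http://example.org/page"),  # a URL the user copied on purpose
    Event("poll", "http://example.org/page"),
]

if __name__ == "__main__":
    print("tab open:  ", find_hijack(TAB_OPEN))
    print("tab closed:", find_hijack(TAB_CLOSED))
```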

This attack seems to affect all browsers on all platforms, as long as Flash is installed. We have not heard anything from Adobe about a fix, but it is likely that they will issue one soon.
