August 20, 2008
Your Treacherous Clipboard
Some malware making the rounds stores a malicious URL in its victims’ clipboards:
“Computer security firms are warning about an attack that hijacks the clipboard where copied text is stored.
“The attack puts a hard-to-delete weblink into the clipboard that, if followed, leads people to a website selling fake security software.
“The code that inserts the link has been found in flash-based adverts seen on many legitimate websites.
“The attack on the clipboard has hit both Windows and Mac users of the Firefox web browser.”
The BBC’s coverage is in line with how this story has cropped up in mainstream tech reporting over the past week.
Some users report that they have to reboot their machines to make the malicious clipboard content leave their clipboards. Others say it goes away when they shut down Firefox. This guy, who actually writes a clipboard application, says it goes away if you close the window or tab with the problematic Flash content, which is what I have found with a demo of the exploit.
A quick barnstorm of the overall question of browsers being able to talk to the system clipboard indicates what I learned while working on a small helper script a few months ago: browser developers have largely decided the browser shouldn’t be able to get at the system clipboard. A lot of JavaScript designed to take advantage of IE6 allowing exactly this has to fall back to Flash on other browsers.
Here’s a demo site that shows the attack in operation: http://raffon.net/research/flash/cb/test.html. It works on Camino and Firefox, but not on Safari.
Posted by mhall at 6:19 PM