Adobe Flash Player vulnerability being exploited on massive scale, says Symantec

90% of victims are from Japan

By CBR Staff Writer

Internet users in Japan are the biggest targets for cybercriminals exploiting the Adobe Flash Player Buffer Overflow Vulnerability, said Symantec.

The attacks, which began as watering-hole attacks in April, have increased to a massive scale, with 94% taking place in Japan and 4% in the US.

The attacks are being carried out through legitimate websites, where malicious code is hosted to redirect traffic to the attacker’s website, said Symantec.

Travel agency site His-j.com, blog service jugem.jp and video sharing service pandora.tv are among the Japanese sites that have been compromised so far.

Symantec’s blog post said, "Once the browsers are redirected to the malicious site, which has the IP address 1.234.35.42, they render the exploit code that attempts to exploit CVE-2014-0515.

"If an older version of the software is installed on the computer, the attack will execute a series of malicious files to compromise the computer with the malware Infostealer.Bankeiya.B, which steals banking information from users."

The Trojan targets information made available by users in their online banking transactions.

Adobe released an emergency security patch in April after Kaspersky Lab discovered that a Flash-related bug had been used to compromise jpic.gov.sy, a Syrian Justice Ministry website. The vulnerabilities in its Shockwave Player 12.0.7.148 were fixed earlier this year.

In October 2013, 38 million Adobe customers fell victim to a data breach. Hackers accessed Adobe users’ names, credit and debit card numbers and expiration dates.
