Trend Micro yesterday announced that they’ve found a vulnerability in Adobe’s Flash Player that permits systems with Internet Explorer or Firefox to become infected with Malware from Flash-based advertisements. This is a so-called Malvertisement.
These are particular insidious because a system can become infected simply by visiting a page – the user doesn’t need to click on anything.
The site where most of these infected ads are running is the popular dailymotion.com
Adobe is aware of the issue and is working on a fix that they’ve promised to release this week, but as of this morning it isn’t yet available (current build of Flash is 18.104.22.1686).
What can you do? If your organization can block access to the payload URL, that’s a good action to take. Detailed info on that URL is available in the Trend blog. If your users are running Trend antivirus products with Browser Exploit Protection they are already protected. If you’re not sure have your users disable autoplay of plugins (see our newsletter that explains how to do this here). If you want to be 100% safe, uninstall Flash from systems until a fix is released.