TechnologyAccounting SoftwareBusiness websites using Flash put users at risk

Business websites using Flash put users at risk

Corporate web sites that use Flash animation could allow hackers to control user's computers, according to a security expert.

The flaw allows malicious code to be executed on a user’s computer that runs the Flash software used by 98% of web users. The exploit was found by security firm eEye, which discovered and named the Code Red virus last year.

The vulnerability in Flash Version 6, revision 23 was confirmed by eEye and said this would ‘include most installations on Windows’. The flaw is attributed to a buffer overflow linked to an ActiveX control called Flash.ocx. Marc Maiffret, chief hacking officer at eEye said the attack could be performed via some HTML email clients or by visiting malicious websites.

Other versions of Flash could be affected and while the company acknowledged it had not tested them, it said that people who have a previous version of Flash that is not affected may be obliged to ‘upgrade’ to the defective version because the Flash.ocx file is signed by Macromedia.

Richard Barber of security consultants Integralis said such an attack was certainly feasible and could be used to affect multiple users.

‘It lends itself not only to manual attacks but large scale automated attacks which are very popular among hackers,’ said Barber. ‘This allows people to deploy zombie agents and other things that they want to do.’

He said the point of automated attacks was the hacker has a large population to attack and only expects a certain measure of success. The hacker then just sits there until an attack has been flagged before delivering their dangerous payload. ‘It is very nice and easy for the hacker to do and allows them to cover their tracks easily,’ he said.

Wayne Charlton, founder of music news website rnr-revolution.org believed that this was another good reason for corporate websites to ditch animation websites in favour of something with more substance.

‘It takes a long time for an awful gimmicky animation to download and that’s really annoying. But to find that your computer has been hacked afterwards is too much to bear,’ said Charlton. ‘Web users want real information not dancing monkeys on sticks.’

The company advised users wanting to download the latest version of Flash to go HERE.

Related Articles

Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

2w Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

5m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

5m Alia Shoaib, Reporter
UK behind foreign markets in digital accounting, but gap is narrowing

Accounting Software UK behind foreign markets in digital accounting, but gap is narrowing

7m Alia Shoaib, Reporter
The rise of the progressive accountant

Accounting Software The rise of the progressive accountant

7m Emma Smith, Managing Editor
Making Tax Digital: Revolution or revolt?

Accounting Software Making Tax Digital: Revolution or revolt?

8m Emma Smith, Managing Editor
Making Tax Digital: Is HMRC’s recent system fault a cause for concern?

Accounting Software Making Tax Digital: Is HMRC’s recent system fault a cause for concern?

8m Emma Smith, Managing Editor
Four reasons why SME owners should switch to cloud accounting

Accounting Software Four reasons why SME owners should switch to cloud accounting

9m Emma Smith, Managing Editor