TechnologyAccounting SoftwareBusiness websites using Flash put users at risk

Business websites using Flash put users at risk

Corporate web sites that use Flash animation could allow hackers to control user's computers, according to a security expert.

The flaw allows malicious code to be executed on a user’s computer that runs the Flash software used by 98% of web users. The exploit was found by security firm eEye, which discovered and named the Code Red virus last year.

The vulnerability in Flash Version 6, revision 23 was confirmed by eEye and said this would ‘include most installations on Windows’. The flaw is attributed to a buffer overflow linked to an ActiveX control called Flash.ocx. Marc Maiffret, chief hacking officer at eEye said the attack could be performed via some HTML email clients or by visiting malicious websites.

Other versions of Flash could be affected and while the company acknowledged it had not tested them, it said that people who have a previous version of Flash that is not affected may be obliged to ‘upgrade’ to the defective version because the Flash.ocx file is signed by Macromedia.

Richard Barber of security consultants Integralis said such an attack was certainly feasible and could be used to affect multiple users.

‘It lends itself not only to manual attacks but large scale automated attacks which are very popular among hackers,’ said Barber. ‘This allows people to deploy zombie agents and other things that they want to do.’

He said the point of automated attacks was the hacker has a large population to attack and only expects a certain measure of success. The hacker then just sits there until an attack has been flagged before delivering their dangerous payload. ‘It is very nice and easy for the hacker to do and allows them to cover their tracks easily,’ he said.

Wayne Charlton, founder of music news website rnr-revolution.org believed that this was another good reason for corporate websites to ditch animation websites in favour of something with more substance.

‘It takes a long time for an awful gimmicky animation to download and that’s really annoying. But to find that your computer has been hacked afterwards is too much to bear,’ said Charlton. ‘Web users want real information not dancing monkeys on sticks.’

The company advised users wanting to download the latest version of Flash to go HERE.

Related Articles

5 key tech innovations helping accountants transform their businesses

Accounting Software 5 key tech innovations helping accountants transform their businesses

3w Heather Darnell, Founder of Ask the BOSS
Finance and the tech foundation: what’s needed to deliver impactful business insights?

Accounting Software Finance and the tech foundation: what’s needed to deliver impactful business insights?

3m Workday | Sponsored
Best accounting software for businesses in the UK

Accounting Software Best accounting software for businesses in the UK

3m Accountancy Age, Reporters
Making sense of enterprise tech concepts for finance teams

Accounting Software Making sense of enterprise tech concepts for finance teams

4m Workday | Sponsored
Open Banking: what you need to know

Accounting Software Open Banking: what you need to know

4m Edward Berks, Xero
Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

6m Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

10m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

10m Alia Shoaib, Reporter