Hack of Hacking Team Leads to New Flash Player Malware Alert

Ironically Hacking Team, an Italian-based company that provides intrusion and surveillance tools to governments and law enforcement agencies, is among recent hacking victims. The attackers were able to extract 400 GB of data and are now leaking details about the company’s clients. The attack may have been facilitated by poor password standards within Hacking Team as the leaked information revealed passwords like “Password!’ or “ Pas$word”.

Hacking Team’s reputation was already in question for selling their “spy tools” to oppressive governments, but now researchers are also finding vulnerabilities and exploits among the leaked data. The most concerning is a zero-day Flash vulnerability that the Hacking Team called “the most beautiful Flash bug for the last four years.” Anti-virus firm Symantec has tested and confirmed the malware.

According to a recent Symantec blog, “Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.” The vulnerability is active on the latest version of Adobe Flash Player (18.0.0.204) and exploiting it could cause a crash and allow an attacker to gain control of the affected device.

What To Do

A patch is now available in Adobe Flash Player (18.0.0.209). Visit the Adobe Security Bulletin for information and download links to the updated versions.

Even better, users concerned with this issue are strongly encouraged to remove Flash Player altogether, or temporarily disable Flash Player in their browser by following these steps:

Internet Explorer versions 10 & 11

  1. Open Internet Explorer browser
  2. Click on the “Tools” menu, and click “Manage add-ons”
  3. Under “Show” select “All add-ons”
  4. Select “Shockwave Flash Object” and the click on the “Disable” button
  5. You can enable Adobe Flash Player using the same process

Firefox

  1. Open Firefox browser
  2. Open the browser menu and click “Add-ons”
  3. Select the “Plugins” tab
  4. Select “Shockwave Flash” and click “Disable”
  5. You can enable Adobe Flash Player using the same process

Chrome

  1. Type “chrome:plugins” in the address bar to open the page
  2. On the plug-ins page, find the “Flash” listing
  3. To disable Adobe Flash Player completely, click on the “Disable” link under its name
  4. You can enable Adobe Flash Player using the same process
Print Friendly, PDF & Email