Idiots, er, people are using Flash apps to hijack the clipboard, putting a URL in the clipboard that won’t go away till the browser is closed. This affects Firefox, Opera, IE, and Safari, even on Linux and Mac. By seizing control of the clipboard they are able to place a URL to a fake antivirus program.
These have been showing up on sites such as Newsweek, Digg, and MSNBC.com. They are showing up in forums and in comments on blogs. So if you go to a page and all of a sudden every time you right-click and paste or Ctrl + V something you see a URL, unless you put it there, do NOT go to it.
If you want to test this out, go here: Aviv Raff, a security researcher, has created a proof of concept. This will insert http://www.evil.com into your clipboard and it will NOT go away till you close out the browser. So click THIS LINK HERE to test.
If you are interested in knowing how this works, I’ll tell ya. It uses a continuous loop within Flash that calls the command setClipboard. Closing the tab or browser will break the loop and allow you to copy and paste again.
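A defender's view of that loop, as an added example (not part of the original post or of the proof of concept): because the Flash movie keeps rewriting the clipboard, anything you copy is replaced by the same URL moments later, and that pattern can be spotted in periodic clipboard samples. The function name, thresholds and sample timelines below are constructed assumptions; a real monitor would feed in readings from the OS clipboard.

```python
import re
from collections import Counter

URL_RE = re.compile(r"^https?://\S+$", re.IGNORECASE)


def find_pinned_urls(samples, max_dwell=2.0, min_reverts=3):
    """Flag URLs that keep coming back after the clipboard was changed.

    samples: time-ordered list of (timestamp_seconds, clipboard_text)
             taken by polling the clipboard (hypothetical input format).
    max_dwell: how long a user-copied value may survive before the
               revert and still count as "overwritten".
    Returns {url: number_of_reverts} for URLs seen reverting at least
    min_reverts times.
    """
    reverts = Counter()
    seen = set()          # every value observed so far
    current = None        # value currently on the clipboard
    changed_at = None     # first sample time at which `current` was seen
    for ts, text in samples:
        if text == current:
            continue
        # The clipboard changed. If it went back to an earlier value
        # shortly after something else was copied, that is a revert.
        if current is not None and text in seen and ts - changed_at <= max_dwell:
            reverts[text] += 1
        seen.add(text)
        current, changed_at = text, ts
    return {v: n for v, n in reverts.items()
            if n >= min_reverts and URL_RE.match(v)}


# Constructed timeline: every user copy is replaced by the same URL
# half a second later (the URL is the one used by the proof of concept).
HIJACKED = [
    (0.0, "meeting notes"),
    (1.0, "http://www.evil.com"), (1.5, "http://www.evil.com"),
    (4.0, "first thing I copied"), (4.5, "http://www.evil.com"),
    (9.0, "second thing I copied"), (9.5, "http://www.evil.com"),
    (15.0, "third thing I copied"), (15.5, "http://www.evil.com"),
]

# Constructed timeline: a user slowly alternating between two links.
BENIGN = [
    (0.0, "http://example.org/a"), (10.0, "http://example.org/b"),
    (20.0, "http://example.org/a"), (30.0, "http://example.org/b"),
    (40.0, "http://example.org/a"),
]

if __name__ == "__main__":
    print("hijacked:", find_pinned_urls(HIJACKED))
    print("benign:  ", find_pinned_urls(BENIGN))
```

Polling only sees the clipboard at sample times, so the dwell time is approximate; a shorter polling interval tightens it.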
So once again they are betting on the fact that some /luser will actually go to the site, download and install the software. Guess what… People have done it! I guess you could also exploit this if the person had something like, I don’t know… maybe a clipboard monitor that ran or did something like download automatically. Either way, be careful.
Now for Gmail: the exploit is not out yet. It will be soon, but it seems Google has paid enough attention to add an option to your Gmail settings. The setting you are looking for is under Settings -> General; scroll to the bottom and select Always use https. Do this because just going to https://www.gmail.com does NOT work. That only secures the authentication and not the rest of the data. This one I take from Nike and tell ya, Just Do It!