New Web Exploit Hijacks Your Clipboard… And Macs Are NOT Immune! [UPDATED]

Another day, another exploit.

Reports on a variety of sites (click here, here, here, here for examples) have detailed a new type of web attack that goes something like this:

  • You surf to a seemingly legitimate site ( and Newsweek comes up more than once)
  • A malicious link is copied to the clipboard.
  • The link remains even after the user copies a new batch of text to the clipboard. The only way to remove it is to reboot the computer.

The attack has been reported by Firefox users running both OS X and Windows (Sorry Apple Fanbois) as well as IE users, but I wouldn’t be surprised to hear that other browsers and operating systems are also vulnerable. At this point, there isn’t enough info for me to say for sure. The link (which I will not repost here) sends you to a site that claims your PC is infected with malware and you need to use a fraudulent anti-malware program to get rid of it. The only reason why I would think that the link is being shoved into the clipboard is that I guess they’re hoping that you’ll do a copy/paste into an e-mail and propagate it that way.

This attack appears to be coming from a carefully crafted .swf file, so the best way to protect yourself if you run Firefox is to run the NoScript extension in your Firefox browser. IE users might want to try the following:

  • Open up Internet Explorer and select Tools > Manage Add-ons.
  • Depending on your Internet version, the options might vary a bit. Either look under Add-ons currently loaded in Internet Explorer or under Add-ons that have been used by Internet Explorer. IE7 has an additional option too.
  • Select the Shockwave Flash Object and set its status to disabled. Ok the boxes and restart Internet Explorer as required.

The web won’t look nearly as pretty, but at least you won’t get infected. That buys you time until a fix comes out.

UPDATE: Ubuntu machines are exploitable too.

One Response to “New Web Exploit Hijacks Your Clipboard… And Macs Are NOT Immune! [UPDATED]”

  1. […] public links >> shockwave Christ the Redeemer [wooooow] Saved by emilygoat on Thu 04-12-2008 New Web Exploit Hijacks Your Clipboard… And Macs Are NOT Immune!… Saved by Minimiscience on Thu 13-11-2008 ShiftHappens, Did You Know 2.0 Saved by stuckonmcr101 on […]

Leave a Reply

%d bloggers like this: