A Flash in the Pan
Posted by Maxim Weinstein
It appears that someone took advantage of an unpatched hole in Adobe Flash player, along with a SQL injection attack, to initiate a drive-by download to visitors of some 20,000 websites. The target? “It turns out that the whole attack just steals World of Warcraft passwords...”
Even if you’re not a World of Warcraft player, you may still want to protect yourself from the download. Since the Flash vulnerability is not yet patched, this will require some combination of heeding warnings about dangerous sites and keeping your security software up to date. Or, if you want full protection with a corresponding loss of functionality, you can always uninstall Flash Player or use a browser plug-in that blocks Flash objects.