The other interesting malware du jour is a cross-platform infector, exploiting multiple browsers (Internet Explorer, Safari, Firefox, and so on) -- any that are capable of running the Macromedia Flash plug-in. Malware writers are writing rogue Flash files that can exploit Windows, OS X, and Linux.
Legitimate Web sites -- big, popular ones -- are innocently hosting banner ads that end up containing these malformed Flash files. Users, even with fully patched systems and the latest browsers, end up getting their "edit-copy-edit-paste" clipboard hijacked. The malware program deposits a malicious URL link on the user's clipboard so that every time the user pastes content, they end up pasting the bogus link instead of their content. This strange effect is an attempt to trick the user into clicking on the link or into inadvertently posting it into blog comments and the like. Here is a safe demo of the exploit. When you run it, your clipboard will be hijacked to contain www.evil.com as the text on the clipboard. You have to close the browser session and then copy new text to your clipboard to make it go away. In some cases, you may have to reboot your computer to get rid of the hijacking. Microsoft's MVP blog has a more comprehensive blog post on the clipboard hijacker.
There are a few notable points about this attack. First, it appears we have a new Flash exploit on our hands that needs to be patched by Adobe. Second, although the initial exploits may seem innocent enough, historically clipboard-pasting attacks have often been a harbinger of wider system exploitation once the code is improved. Lastly, the days of "run nothing but Internet Explorer" as a defense strategy are numbered. As other OSes and browsers become more popular, expect malware writers to keep shifting their efforts accordingly.
The last few weeks have been full of many other popular attacks, and as usual, as a global society we seem no better prepared for them than in the past. Luckily, criminal attackers have so far not found a remote buffer overflow comparable to the SQL Slammer or Code Red attacks of yesteryear. Can you imagine how much damage criminals could cause if they had the power of those attacks?