A SWF-based attack that lasted under two hours was found targeting LiveJournal. The attack uses ActionScript cross-domain scripting to make account changes. It attempts to collect usernames, email addresses and "last post" related information.
The SWF file is embedded as part of a post. Any logged-in user who reads an infected post is vulnerable to loss of private information and may have any of their posts appended with the malicious SWF file. In this way, the worm retrieves user information while spreading. Network activity to the following domains is related to this attack:
simplecdn.net bit.ly cancelar.biz fpv-guru.hu lucidguild.net
Exploit-SWFRedirector.b is a detection for SWF-related exploits. It may cover a broad range of samples, encompassing ActionScript written with malicious intent, such as scripts that may cause redirection to websites which may host exploits.
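For retrospective hunting, the domains listed above can be matched against web proxy logs. The sketch below is an added example, not part of the original write-up: the four-field log layout, the sample lines and the function names are assumptions, and matching is done on the parsed host so that look-alike names do not produce false hits.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domains the write-up lists as related to the attack.
LISTED = ("simplecdn.net", "bit.ly", "cancelar.biz", "fpv-guru.hu", "lucidguild.net")

# Constructed sample lines in an assumed "time client method target" layout.
SAMPLE_LOG = """\
2011-01-01T10:00:01Z 10.0.0.5 GET http://www.livejournal.com/read/
2011-01-01T10:00:02Z 10.0.0.5 GET http://BIT.LY/example
2011-01-01T10:00:03Z 10.0.0.5 GET http://files.lucidguild.net:80/a.swf
2011-01-01T10:00:04Z 10.0.0.7 GET http://notbit.ly/example
2011-01-01T10:00:05Z 10.0.0.7 CONNECT cancelar.biz.example.org:443
2011-01-01T10:00:06Z 10.0.0.9 CONNECT fpv-guru.hu.:443
"""

def host_of(target):
    """Return the lowercased host of a URL or host:port target, or ''."""
    if "://" not in target:
        target = "//" + target  # let urlsplit treat a bare host:port as a netloc
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".")  # drop the trailing dot of a fully qualified name

def listed_domain(host):
    """Return the listed domain that host equals or is a subdomain of."""
    for domain in LISTED:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def hunt(log_text):
    """Map each client to the sorted listed domains it contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed layout
        domain = listed_domain(host_of(parts[3]))
        if domain:
            hits[parts[1]].add(domain)
    return {client: sorted(found) for client, found in hits.items()}

if __name__ == "__main__":
    for client, found in sorted(hunt(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(client, len(found), ", ".join(found))
```

bit.ly is a general-purpose URL shortener, so a hit on it alone is weak evidence; clients that contacted several of the listed domains in the same window deserve attention first.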