Mass exploitation with Adobe Flash
Threat Type: Malicious Web Site / Malicious Code
This vulnerability is not a 0-day and users with the latest version of Flash Player (version 220.127.116.11) are safe. However, there are still many on older versions of Flash that are unaware of this mass web infection and are susceptible to this drive-by attack. An update to the latest version of Flash Player is highly recommended.
Websense ThreatSeeker has been tracking these malicious web sites and have discovered numerous reputable web sites that are now unwilling participants, infecting their very own visitors. These sites are from various industries such as government, education, healthcare, finance, media, and entertainment. This attack also attempts to exploit other popular vulnerabilities such as MDAC, RealPlayer, and various ActiveX controls.
Websense customers are protected from this drive-by threat.
The following are web site screenshots from: Microsoft, Dept. of Education (Australia), PBS, Durex, CDC (Centers for Disease Control and Prevention), Discovery Channel, various universities and a Pakistani district government.