Last month Flash Player had to be updated because of a nasty bug that allowed evil-minded people to take control of a computer after an Excel spreadsheet with an embedded malicious Flash file had been opened on the system. This is of course not the only time Flash and Adobe have had security problems, so the question is if we really need Flash?

Apple isn't including any of Adobes products as pre-installed software on their products any more, with the reason that the users should download the latest version directly from Adobes web site if they wish to use it. None of the mobile devices from Apple support Flash at all, not even as an optional download. This could be a political thing, but it shows that Adobe got problems and they need to work on the security in their products.

Also Adobe needs to build up a good reputation because of the up-coming competition from HTML 5 to play video. Previously it wasn't possible to play video with just HTML, so Flash had a market, but with HTML 5 it's a different story. As soon as all web browsers have updated to follow the standard HTML 5 you don't really need Flash any more. So if Flash should have a market Adobe need to do something that's better than HTML 5. Why would anyone otherwise install and run Flash if they can use HTML 5 without plugins?

Youtube for example can already play video without Flash for iPhones and iPads and I guess that's because Safari is already updated to support video in HTML 5. This means that everyone with a Mac, or iUnit from Apple don't need to install Flash to watch Youtube and if Youtube is working without Flash for these units it must work with other web browsers too that support HTML 5.

Some people say that Apple predicted or even started the doom of disk drives when they removed it from Macs and now Flash has been removed from the Macs. What do you think? Will this be the end of Flash?

Do we really need Flash? from Xavier Media®

A malicious iframe exploit is currently being loaded by thousands of sites all over the Internet according the Scansafe blog. These sites are not any kind of criminal sites at all, they are completely legitimate sites which also make the visitors easy targets since they are not expected to get backdoor trojans, password stealers, and downloaders installed against their will and knowledge . Some examples of infected web sites are www.feedzilla.com, latindiscover.com, howellcarecenter.com, sweetgrassvillagealf.com, www.foodsresourcebank.org, and morningsideassistedliving.com.

The infected sites got a small piece of code inserted in the normal HTML code which is loading a Javascript. Once the Javascript has been loaded it will in turn load additional exploits and malware from up to seven different malware domains!!!

So how do you protect yourself from this kind of evil software? The best thing is to have an up-to-date antivirus software installed, but you should also make sure that all other softwares you're using like web browsers, Adobe reader, etc are updated with the latest versions. It's of course also important to install all the latest Windows updates from Microsoft, so If you haven't done so yet you should turn on automatic updates where possible.

If you have a blog or web site you should of course check your site for weird code you haven't uploaded yourself. In this case you should search for the following code string:

"script src=http://a0v.org/x.js"

At XavierSeek.com you can search for this code string and if you also fill in your domain name in the search field together with the code string you can easily see if your site is infected.

Click on the image to start searching your own sites, just replace sampleaddress.com with your actual domain name. You owe all your visitors and clients to keep your site malware free because they trust you

Thousands of sites compromised by backdoor from Xavier Media®

The security holes in Flash and Reader we wrote about earlier have now been fixed by the latest update from Adobe. The update will solve no less than twelve security issues, ten of them are labelled as critical and can be used by hackers to take control of user's computers.

The vulnerability affect users of Windows, Mac and Linux, so it's recommended to update your software as soon as possible.

Security updates from Adobe from Xavier Media®

According to the Danish security company Secunia as many as 92 percent of all Windows users to be harmed a serious security hole in Adobe Flash. Adobe has announced that it will not have an update ready before Thursday! Users can follow some instructions found on Adobes web site to protect themselves while waiting for the update from Adobe.

This is not the first time when Adobe is having problems with the security.

The security hole is due to a bug in Adobe Flash, which makes it possible to take control of a users computer by using malicious code in a Flash animation. The problem can affect even legitimate sites used by hackers, so extreme caution is recommended to all Windows users using Flash version 9 or version 10. According to Secunia 100 percent of all Windows users got either of the two version of Flash installed.

The problem exists even in Adobe Reader. PDF documents that has an embedded Flash animation can exploit the security hole.

Yet another security hole from Adobe from Xavier Media®

The virus attacks the computers by older versions of Adobe Reader and Adobe Flash. When a computer has been infected the Google search engine is then affected, whose results quietly redirects to sites that then steal information from your own computer. The aim is to obtain information, for example bank accounts and credit card numbers.

Gumblar can get into your computer through web sites without the owner noticing.

Although the virus has been known for a while, its activity increased during the past week. It was identified first with a URL in China, but has developed a new technology to evade detection. The updated version also attack more effectively Google users to circumvent Google's black list of suspected sites.

When Gumblar became publicly known last week was about 800 sites affected. This week, reports security company Scan Safe to over 3 000 sites are affected, writes PC for all.

One way to protect yourself is to have the latest versions of Adobe Flash, Adobe Reader and Windows Update.

Gumblar attacks Google users from Xavier Media®

Finnish F-Secure is recommending people to stop using Adobe Reader due to
all security vulnerability in that software lately.

This year over 47% of all direct attacks have been using security problems
in Adobes softwares according to Mikko Hyppönen from F-Secure. His advice
is to completely stop using Adobe Reader and instead switch to some other
reader. There are plenty of free PDF readers at www.pdfreaders.org, a
website listing free PDF readers. If everyone is using different PDF
readers it's much more difficult to do direct attacks against security
vulnerabilities in just one of the readers.

Last month Adobe secured a vulnerability that had been used by attackers
for several months, and Hyppönen is saying that Adobe must increase their
focus on security issues.

Do not use Adobe Reader from Xavier Media®

One of the largest bot networks today is Srizbi which will turn your computer into a zombie that wil flood Internet with spam. According to Marshal Trace the network has increased it's spamming from about 3% of all spam to 9.9%.

The thing with this network is that it's tricking it's victims to install the bad software by requesting a special plugin to view a video for example. Another example is an email looking like someone want you to check out a page at Classmates.com, but when you visit that page you're requested to install a special browser plugin to view the entire message. Therefore you should stay alert for anything that require other plugins then the plugins from known developers like Sun and Adobe.

Bot network spam from Xavier Media®

First is Symantec reporting about a vulnerability in Adobes Flash that may be causing over 200,000 sites to be in danger, then a few days later Symantec is reporting that they may have made a mistake.

An old version of Flash (version 9.0.115.0) contained the bug causing problems for players with that version, but the problem was fixed on April 8th by Adobe. When Symantec first reported about the problem they hadn't tested using the latest version of Flash (version 9.0.124.0). If you have the latest version of Flash you don't have to worry at all, but if you got Windows XP and an older version of Flash you may want to visit www.adobe.com and upgrade to the latest version as soon as possible.

Symantic and the bug that disappeared from Xavier Media®