Latest Sneaky Web Attack: Hijacking Your Clipboard To Post Spammy Links

from the now-that's-creative dept

Spammers and scammers keep upping the game against security researchers, sometimes in creative ways. And, in fact, it would appear that the latest sneaky trick making the rounds is almost admirable in its sneakiness. For example, take a look at this latest hack, which hijacks your clipboard, and repeatedly places a link to a site for fake security software. The hijack takes place through flash advertisements (even those found on legit sites), which is all the more reason to use AdBlock or FlashBlock or NoScript or something to protect you. However, what it's banking on, is the fact that plenty of people quickly cut and paste links they want to send around or post in other blogs and forums. When done quickly, many people won't even notice that they're not pasting the link they thought they cut from elsewhere -- thus getting lots of folks to inadvertently spam links. This must be incredibly annoying for those who get hit with it, but that doesn't take away from the creativeness of the attack itself. Even security researchers, like Mikko Hypponen, are grudgingly tipping their hats on this hack: "It is a pretty clever technique. Our work would be so much easier if our enemy would be stupid."
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: clipboard, links, malware, spam

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Andrew D. Todd, 19 Aug 2008 @ 3:15am

    Dysfunctional Relationship

    Mozilla needs to recognize that it has a dysfunctional relationship with Adobe. If Mozilla will not recognize this, then forking is in order. Once the dysfunctional relationship is recognized, the remedies are fairly simple.

    I'll try not to be smug like Dave, but I've got a Windows Machine and a Linux machine on the same desk, with a KVM switch and so forth to tie them together, and I'm sort of gradually transitioning over to the Linux machine. On the Linux machine, (Gnome) Evince is a basically satisfactory Acrobat document reader. It doesn't do some of the advanced scripting features, but it seems to read essentially any real-world Acrobat document I try it on. Mozilla needs to come up with the funding to get Evince ported to Windows, and to bundle it into the various Windows Mozilla distributions. I understand that GNASH, the Free Software Foundation's replacement for Flash, is not as far along as Evince, and no doubt some additional work would be in order. People may still need to use Adobe products, but let this be reserved for the rare cases of files which will not run on Evince or GNASH, and let people choose to save the files and then run them, as a matter of calculated risk.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

Introducing the new Techdirt Insider Chat, now hosted on Discord. If you are an Insider with a membership that includes the chat feature and have not yet been invited to join us on Discord, please reach out here.

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.