So if you are writing an e-mail to Aunt Millie, telling her to look at your eBay auction located at (paste), or to download Picasa to organize her photos - download here (paste), she's going to get the virus when she visits the bad site. And when someone has this ad loaded, they can copy all they want, but everything they paste will be just that URL. Then they signed up for some advertising networks, and submitted their bad ad, presumably paying considerable $$$ to get it featured on sites that you and I visit regularly, such as MSNBC and Digg. It works like a 'mail merge', where you have a layout file with 'tags' that determine where the various fields of the clip will appear in the 'output', in this case, the text actually pasted. Then they put it in an innocent-looking flash-based banner ad, with their harmful URL as the payload. Templates allow you to paste a clip along with other attributes of the clip such as the date/time that it was captured, the source of the data, URL, etc. Then they put it in a loop, to do it once a second.
PASTING URL CLIPMATE CODE
"Someone wrote a little piece of Adobe Flash code to copy text to the clipboard. The malware appears to affect Mac, Windows, and Linux machines and Firefox, Internet Explorer, and Safari browsers, according to ZD Net's Zero Day blog.Ĭhris Thornton, who created the "ClipMate" clipboard extender for Windows, gave an interesting description of the situation on his Clipboard Extender Dot Com blog: Users must reboot the computer to remove the link, The Register reports. It works like a 'mail merge', where you have a layout file with 'tags' that determine where the various fields of the clip will appear in the 'output', in this case, the text actually pasted into the target. The malicious link, which includes "xp-vista-update" in the URL, is copied into the clipboard and can not be over-written by copying new text to the clipboard. Templates allow you to paste a clip along with other attributes of the clip such as the date/time that it was captured, the source of the data, URL, etc. The ads have been spotted on, , and, and victims have reported on numerous forums and blogs that they appear to be fake alerts that a virus has been detected on the computer and offer to clean it up, according to antivirus vendor Sophos. A new type of Internet-based attack is spreading in which Flash-based ads seize control of a Web surfer's clipboard and paste in a link to a malicious site in the hopes that it will be spread from there into e-mails, blogs, and instant messages.