3

It has been mentioned in security forums that the latest malware pathogens permit malefactors to record your keystrokes and send them to a server. As a result I've put a command in my ~/.profile to delete the ~/.Macromedia directory every time I start up a new Terminal window. However I am curious as to how Flash does this, and whether closing a browser window/tab really causes such a key logger to exit.

Thanks for any clues.

3
  • 2
    I imagine that most keylogger "pathogens" aren't actually using Flash. More likely, an "arbitrary code execution" and/or "privilege escalation" vulnerability in Flash and/or the browser is leveraged to load the keylogger onto the system locally.
    – Iszi
    Commented Oct 5, 2011 at 17:16
  • 2
    Hi Mithras, welcome to IT Security! Could you provide a link or article title for the source of your information? Without a specific reference we can only answer about general vulnerabilities.
    – this.josh
    Commented Oct 5, 2011 at 20:42
  • Hi this josh, if I recall I heard about Flash keyloggers on a radio program like NPR. Someone had written a book about how marketers can now read keystrokes & transmit them to marketing firms. But I heard this some time ago and I will have to research the issue a bit & get back to you.
    – Mithras
    Commented Oct 6, 2011 at 14:48

1 Answer

3

As Iszi noted, a lot of the threats from Adobe products come in the form of privilege escalation and remote code execution vulnerabilities in Flash, rather than features of Flash in general that can be used maliciously. If a malicious Flash script (or PDF, or executable, or anything else) can successfully compromise a machine, any variety of key loggers or network sniffers may be installed.

Additionally, there have been several Flash file overlay vulnerabilities. These problems allow a maliciously designed Flash file to detect keyboard input and mouse clicks without the user's knowledge. The primary purpose of these scripts is clickjacking; however, they could easily work as some sort of key logger as well. It's important to note that these flaws are browser-based, not backgrounded Flash files.

In terms of defense, certainly removing a ~/.Macromedia directory couldn't hurt, but it might make sense to also killall npviewer.bin, which will kill all instances of Flash running on your Linux system.

Hope this helped!

2
  • 1
    It's probably worth making special note (since it was part of the question) that a keylogger installed as described here can and probably will persist beyond the browser session, and likely even past a reboot. It probably also will not be removed by any sort of cache cleaning.
    – Iszi
    Commented Nov 22, 2011 at 22:04
  • With Firefox on Linux, you'll want to use killall plugin-container (in addition to killall npviewer.bin), as the name of the process has changed. Note that even if you kill the Flash processes, Firefox will probably re-start Flash again in the near future, so this only has temporary effect.
    – D.W.
    Commented Nov 23, 2011 at 1:01
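
The cleanup discussed in the answer and comments, written as shell functions for a `~/.profile` (an added example, not code from any of the posts). The function names, the `#SharedObjects/<id>/<site>/` layout and the lower-case `~/.macromedia` spelling are assumptions to check on your own system; as Iszi's comment notes, none of this removes a keylogger that was installed locally.

```shell
#!/bin/sh
# Added example. Pass the Flash storage directory explicitly, e.g. the
# ~/.Macromedia path from the question (often ~/.macromedia on Linux,
# which is an assumption to verify locally).

# List the sites that have stored Flash local shared objects (*.sol).
# Assumed layout: <dir>/.../#SharedObjects/<random id>/<site>/...
flash_sites() {
    find "$1" -type f -name '*.sol' 2>/dev/null |
        sed -n 's|.*/#SharedObjects/[^/]*/\([^/]*\)/.*|\1|p' |
        sort -u
}

# Delete the storage directory and print how many .sol files it held,
# so the shell startup log shows whether anything had accumulated.
flash_purge() {
    n=$(find "$1" -type f -name '*.sol' 2>/dev/null | wc -l | tr -d ' ')
    rm -rf -- "$1"
    echo "$n"
}

# Kill the Flash host processes named in the answer (npviewer.bin) and
# in D.W.'s comment (plugin-container). The browser may restart them.
flash_kill() {
    for p in npviewer.bin plugin-container; do
        killall "$p" 2>/dev/null && echo "killed $p"
    done
    return 0
}
```

Calling `flash_sites` before `flash_purge` shows which sites had written storage since the last cleanup.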
