After Heartbleed and IE, it's time for Adobe Flash Player to take the hit.
According to Kaspersky's Blog " We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. We believe that the Cisco add-in mentioned above may be used to download/implement the payload as well as to spy directly on the infected computer."
Both exploits were detected on the Syrian Ministry of Justice's website, which was designed as an online form for citizens to complain about law and order violations, and got hacked in September 2013." We believe the attack was designed to target Syrian dissidents complaining about the government." Kaspersky Lab said.
They also detected seven unique users computers, all of them in Syria, which is not surprising considering the nature of the site. The interesting part is that all the attacked users entered the website using various versions of Mozilla FireFox.
Kaspersky continued " It's likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this."
