New zero-day vulnerability affects Adobe Flash

FRIDAY, JANUARY 23, 2015

A new zero-day vulnerability that affects Adobe Flash has been discovered, and is already being exploited by cybercriminals, Trend Micro, a global leader in security software, urgently announced Friday.

One of the samples obtained by Trend Micro's Smart Protection Network shows that it's the same zero-day exploit that security researcher Kafeine had reported only hours earlier.
According to Trend Micro, the most important details about this particular vulnerability are:
- It is affecting the latest versions of Adobe Flash Player.
- It is being exploited to install malware onto vulnerable systems.
- The exploit kit being used in this particular instance is identified as the Angler exploit kit that uses new techniques to hide its malicious routines.
- By tracking the most recent victims of the Angler exploit kit, we believe that most of this vulnerability’s victims come from the US (84%), with a handful coming from Australia and Taiwan (9% and 5% respectively).
- Based on attacks seen so far, the installed malware’s main function is to perform ad fraud against ad networks.

Trend Micro said the ad fraud is done by a program designed to automatically click on certain ads on a certain website, artificially inflating the number of clicks that ad gets. Since ad networks pay the owner of the website hosting their ads based on the number of clicks each ad gets, ad fraud games the system by tricking the hapless ad network into paying more.

Trend Micro said that because the exploit installs malware onto users’ systems, it may download and install other, more damaging and harmful malware onto the system, so computer users should be alerted to the vulnerability.

A patch to address this vulnerability hasn't been released, so users should turn Adobe Flash Player off for the time being. It has also been noted that Chrome's Flash Player plugin and Firefox are not affected by this threat.
Users who can't disable Flash Player can consider installing ad blocking software or browser extensions, Trend Micro said.