Thursday, 28 August 2008

Clipboards hijacked in web attack

Computer security firms are warning about an attack that hijacks the clipboard where copied text is stored.

The attack puts a hard-to-delete weblink into the clipboard that, if followed, leads people to a website selling fake security software.

The code that inserts the link has been found in Flash-based adverts seen on many legitimate websites.

The attack on the clipboard has hit both Windows and Mac users of the Firefox web browser.

Fake software

The attack has come to light as victims log reports in discussion forums of a weblink that appears in the clipboard in place of text they thought they had placed there.

It seems to work by exploiting Adobe Flash files used to make display adverts in such a way as to endlessly flush the clipboard of other text and constantly re-insert the malicious link in its place.

Getting rid of the link has proved problematic. Some report resorting to re-booting their machine to free themselves of it but others stopped it by killing the Firefox process thread.

"It's an interesting attack, but doesn't seem to be very widespread at the moment," said Mikko Hypponen, chief research officer at security firm F-Secure. "I don't remember seeing this before."

"It is a pretty clever technique," he said. "Our work would be so much easier if our enemy would be stupid."

Chris Boyd, director of malware research at Facetime Security, said he had been following the attack for several days.

Mr Boyd said he had seen many spam e-mails being sent out that had links to sites hosting the booby-trapped adverts.

"There's been quite a rash of rogue antivirus hijacks lately related to the fake CNN/MSNBC spam," he said.

Those following the link get taken to a page advertising a bogus anti-virus security program that erroneously tells people their machine is riddled with malicious software.

Computer viruses make it to orbit

A computer virus is alive and well on the International Space Station (ISS).

Nasa has confirmed that laptops carried to the ISS in July were infected with a virus known as Gammima.AG.

The worm was first detected on Earth in August 2007 and lurks on infected machines waiting to steal login names for popular online games.

Nasa said it was not the first time computer viruses had travelled into space and it was investigating how the machines were infected.

Orbital outbreak

Space news website SpaceRef broke the story about the virus on the laptops that astronauts took to the ISS.

Nasa told SpaceRef that no command or control systems of the ISS were at risk from the malicious program.

The laptops infected with the virus were used to run nutritional programs and let the astronauts periodically send e-mail back to Earth.

The laptops carried by astronauts reportedly do not have any anti-virus software on them to prevent infection.

Once it has scooped up passwords and login names the Gammima.AG worm virus tries to send them back to a central server. It targets a total of 10 games most of which are popular in the Far East such as Maple Story, HuangYi Online and Talesweaver.

Nasa is working with partners on the ISS to find out how the virus got on to the laptop in the first place.

The ISS has no direct net connection and all data traffic travelling from the ground to the spacecraft is scanned before being transmitted.

It is thought that the virus might have travelled via a flash or USB drive owned by an astronaut and taken into space.

The space agency also plans to put in place security systems to stop such incidents happening in the future.

Nasa told Wired News that viruses had infected laptops taken to the ISS on several occasions but the outbreaks had always only been a "nuisance".