Yes that’s true. If you are a Windows user and have Flash Player 9 or Flash Player 10 (latest) installed then you could be attacked by something known as drive-by attack in which hackers try to run malicious code embedded on Flash files (.flv) that are embedded even on trust worthy sites.

Secunia ran a test on 900,000 users and found out that 92% had Flash Player 9 and 31% had Flash player 10 both of which are vulnerable to this latest attack. Some anti-virus sites have reported hundred and in some cases thousands of websites initiating drive-by attacks on their visitors who have Flash Player installed.

The attack actually started off with rigged Adobe PDF Reader which also has parser for Flash content embedded in PDFs. Secunia found a good percentage using PDF reader too which is also vulnerable.

Adobe has confirmed that its Flash Player and PDF Reader are vulnerable to drive-by attack. A crucial security update is expected from Adobe not later then Thursday 30th July but by then thousands or perhaps millions of machines could be infected that might result in a catastrophe.

How to Secure Your System From Attack:

If you are a Windows user and have Firefox installed then you can install the NoScript Firefox add-on which block Flash from web pages protecting you from any malicious code embedded inside the flash being launched.

Install NoScript Plugin

For those who use other browsers, all you have to do is disable Flash and Adobe Reader support and here’s how to do it:

Windows Users:

Delete or rename these files:

%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll

%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll

Apple Mac OS X Users:

delete or rename these files:

/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle

/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework

Linux Users:

Delete or rename these files :

/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so

/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so