CryptoWall spreading via HT Flash 0-day
Well that didn’t take long.
UPDATE 1: Chrome's sandboxing may be a useful defence.
UPDATE 2: Adobe have released a patch: https://www.adobe.com/products/flashplayer/distribution3.html
ACTION REQUIRED: Update your Flash player now! Disable Flash unless required, uninstall Flash completely or set Flash as click-to-play in all browsers. A decent guide for click-to-play can be found here: How to Enable Click-to-Play Plugins in Every Web Browser
The Flash zero-day exploit found in the Hacking Team leak has been weaponised and included in the Angler, Nuclear and Neutrino Exploit Kits, according to various reports.
Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to learn that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, Kafeine said, Neutrino Exploit Kit also has included this zero-day.
CryptoWall 3.0 has been identified as one of the payloads being distributed using the zero-day.
This means you can be infected simply by browsing to a malicious or compromised website.
MalwareBytes have a report: PSA: Flash Zero-Day Now Active in The Wild
Kafeine’s post is here: CVE-2015-5119 (HackingTeam 0d – Flash up to 184.108.40.206) and Exploit Kits
Personally, I think you should uninstall Flash and never look back.
I will update once Adobe release a patch or more information is at hand.