Malicious swf files? (SANS)

Regarding Adobe flash player vuln(SANS) - まっちゃだいふくの日記★とれんどふりーく★, exploits are reportedly in circulation.

hxxp://www.play0nlnie.com/pcd/topics/ff11us/20080311cPxl31/WIN%209,0,115,0ie.swf

Which gives us a couple of things. One is that this would seem to be an exploit against Adobe Flash Player. Second is that the apparent vulnerable version would be 9.0.115.0. Third is that there is likely additional malware to see continuing down the rabbit hole. Interestingly this SWF file may be exploiting CVE-2007-0071 and not the potentially new previously unknown vulnerability announced by Symantec today, assuming they are different.

At this time Adobe still has not released any significant information at their blog http://blogs.adobe.com/psirt/; some clarification would be nice.

Indeed, hxxp://www.play0nlnie.com/ax.exe is downloaded, then hxxp://www.play0nlnie.com/setip.exe

Virustotal was 7/31 for ax.exe, and 7/31 for setip.exe earlier this evening.

Other examples of sites serving malicious swf files are now rolling in, which is the perfect timing for me to hand off the awesome power of the Handler On Duty (HOD) reins to Jim. Hit the Big Red Button (BGR)!! Must go InfoCon orange...
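
The observation above, that the SWF file name itself carries the targeted Flash Player version ("WIN 9,0,115,0"), can be turned into a check over proxy-log URLs. This is an added example, not code from the SANS diary or the original post; the example.test hosts, the second version number, the function names and the platform-token pattern are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# The URL on this page uses a Flash-style version string as the file name:
# platform token, space, four comma-separated numbers, a short suffix, ".swf".
# Assumption: the platform token is 3-4 letters (the page only shows "WIN").
VERSIONED_SWF = re.compile(
    r"^(?P<platform>[A-Za-z]{3,4})\s+"
    r"(?P<version>\d+,\d+,\d+,\d+)"
    r"(?P<suffix>[A-Za-z]*)\.swf$"
)

def refang(url):
    """Turn a defanged hxxp:// indicator back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)

def targeted_flash_version(url):
    """Return (platform, dotted_version, suffix) when the SWF file name
    embeds a player version string, otherwise None."""
    path = urlsplit(refang(url)).path
    filename = unquote(path.rsplit("/", 1)[-1])  # %20 -> space
    m = VERSIONED_SWF.match(filename)
    if m is None:
        return None
    return (m["platform"].upper(), m["version"].replace(",", "."), m["suffix"])

def hunt(urls):
    """Return [(url, hit), ...] for every URL whose file name matches."""
    return [(u, h) for u in urls if (h := targeted_flash_version(u))]

# Constructed proxy-log URLs; hosts are placeholders, not real indicators.
SAMPLE_URLS = [
    "hxxp://example.test/pcd/topics/WIN%209,0,115,0ie.swf",  # page's file name
    "http://example.test/media/banner.swf",                  # ordinary SWF
    "http://example.test/a/WIN%209,0,47,0ff.swf",            # constructed variant
    "http://example.test/static/player-9.0.swf",             # version, wrong shape
]

if __name__ == "__main__":
    for url, (platform, version, suffix) in hunt(SAMPLE_URLS):
        print(f"{platform} {version} suffix={suffix!r}  {url}")
```

A hit only says the file name is shaped like a per-version payload; confirming it still means fetching and inspecting the SWF in a sandbox.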