A new vulnerability in Adobe Flash is being used to distribute malware. Cyber criminals are distributing .swf files (the Flash extension) crafted to exploit the new vulnerability in Adobe Flash in two different ways.

Users are infected when they visit a compromised website, which automatically opens a hidden IFRAME. According to McAfee, a Google search yields about 250,000 page results that contain malicious scripts referencing an SWF (Shockwave Flash) file.

“Through looking for sites serving these SWF exploits we’ve found a connection with recent mass hacks,” Craig Schmugar, senior antivirus researcher for McAfee, stated on the company’s blog. “Hacked sites reference an external script, just as they have for quite some time. But, the external scripts now reference an SWF file.”