Trend: Hackers target rich content files

Published 10 December 2008

New security report says that PDF and Flash files will be used by cybercriminals much more in 2009

Be prepared. Finjan’s Malicious Code Research Center (MCRC) has predicted that rich content files will be used to distribute malicious code. In its Web security trends report, MCRC claimed that cybercriminals are taking advantage of functionality in Flash ActionScript that enables a Flash file to interact with the DOM of the web page that hosts it. They embed their malicious code in Flash files and dynamically inject it into the hosting DOM to exploit a browser vulnerability and install a Trojan. Although Flash supports functionality to prevent such interactions, many site owners are not using it.

According to SC Magazine, the report further reveals that large advertising networks serving Flash-based banner ads do not prevent their ads from interacting with the hosting Web page. Because these networks do not configure their ads to block interaction between the served ad’s ActionScript and the DOM, Flash-based ads have become a new vector for cybercriminals to serve their malicious code undetected.
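An added example, not taken from the Finjan report or from this article: a small Python audit that flags Flash embeds whose `allowScriptAccess` setting (the Flash Player embed parameter that governs ActionScript-to-page scripting) still lets the movie reach the hosting DOM. The sample markup, host names and verdict labels are constructed, and the code assumes `sameDomain` applies when the parameter is unset.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample markup; host names are placeholders.
SAMPLE_HTML = """
<object id="ad1" data="http://ads.example/a.swf"><param name="allowScriptAccess" value="always"></object>
<object id="ad2" data="http://ads.example/b.swf"><param name="AllowScriptAccess" value="never"></object>
<embed id="ad3" src="http://ads.example/c.swf">
<embed id="ad4" src="/uploads/d.swf">
"""

class FlashEmbeds(HTMLParser):
    """Collect <object>/<embed> elements and their allowScriptAccess value."""
    def __init__(self):
        super().__init__()
        self.found, self._obj = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # attribute names arrive lowercased
        if tag == "object":
            self._obj = {"id": a.get("id", ""), "src": a.get("data", ""), "access": ""}
        elif tag == "param" and self._obj is not None:
            if a.get("name", "").lower() == "allowscriptaccess":
                self._obj["access"] = a.get("value", "").lower()
        elif tag == "embed" and self._obj is None:
            self.found.append({"id": a.get("id", ""), "src": a.get("src", ""),
                               "access": a.get("allowscriptaccess", "").lower()})

    def handle_endtag(self, tag):
        if tag == "object" and self._obj is not None:
            self.found.append(self._obj)
            self._obj = None

def audit(html, page_host):
    """Map element id -> verdict; 'exposed' = the SWF may script the hosting DOM."""
    parser = FlashEmbeds()
    parser.feed(html)
    verdicts = {}
    for e in parser.found:
        url = urlparse(e["src"])
        if not url.path.lower().endswith(".swf"):
            continue  # not a Flash movie
        same_host = (url.hostname or page_host) == page_host  # relative URL: same host
        if e["access"] == "always":
            verdicts[e["id"]] = "exposed"
        elif e["access"] == "never":
            verdicts[e["id"]] = "locked"
        else:  # unset or sameDomain (assumed default, documented for SWF 8+ content)
            verdicts[e["id"]] = "exposed" if same_host else "same-domain-only"
    return verdicts
```

Calling `audit(SAMPLE_HTML, "publisher.example")` marks `ad1` and `ad4` as exposed; setting the parameter to `never` on every third-party embed is the configuration that moves them to `locked`.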

Yuval Ben-Itzhak, CTO of Finjan, said:

Using rich content applications such as Flash files to distribute malicious code has become the latest trend in cybercrime. Having the widespread distribution and the popularity of Flash-based ads on the web, their binary file format enables cybercriminals to hide their malicious code and later exploit end-user browsers to install malware.

Cybercriminals will continue to be highly successful in their crimeware attacks, deploying the latest technologies, especially sophisticated data-stealing Trojans. By staying ahead of traditional security methods, they will keep on maximizing their considerable profits.

The optimal way to prevent malicious files from infecting PCs and corporate networks is to use active real-time content inspection technologies that can inspect each and every piece of Web content in real time to detect malicious code without the need for signatures.