Cybercriminals use Flash ads for distributing malicious code

Finjan announced the latest findings by its Malicious Code Research Center (MCRC) indentifying and analyzing the latest trends in cybercrime. Cybercriminals take advantage of the specific functionality available in Flash ActionScript that enables the Flash file to interact with its hosted web page (DOM). They embed their malicious code in Flash files and dynamically inject it into the hosting DOM to exploit a browser-vulnerability and to install a Trojan. Although Flash supports the functionality to prevent such interactions, many sites owners are not using it.

The report further unveils that large ad networks serving Flash-based banner ads did not prevent their ads from interacting with the hosting webpage. As demonstrated in the report, the lack of configuration by ad networks to prevent this interaction, between the served Flash-based ad’s ActionScript and the DOM, has become a new vector for cybercriminals to serve their malicious code undetected.

Here are some predictions for 2009:

  • Cybercrime will keep on rising with an increasing number of unemployed IT professionals joining in.
  • Cybercriminals will benefit from the Obama Administration’s plan to bring Broadband Internet access to every American.
  • Cybercriminals will continue to leverage the most advanced techniques and services that Web 2.0 can offer, with a focus on Trojan technologies.

Don't miss