Apparently safe PDFs and Flash files, but with obfuscated malicious code, are being used by cyber criminals to infect PCs, according to Finjan’s Malicious Code Research Centre (MCRC).
In its Web Security Trends Report Q4, MCRC shows how cyber criminals are using both to infect PCs by taking advantage of functionality available in Flash ActionScript that enables files to interact with the hosted web page (DOM).
Evidently, they embed their malicious code in Flash files and dynamically inject it into the hosting DOM to exploit a browser vulnerability and to install a Trojan. Although Flash supports the functionality to prevent such interactions, many sites owners are not using it.
The report further unveils that large ad networks serving Flash-based banner ads did not prevent their ads from interacting with the hosting webpage.
“Using rich content applications to distribute malicious code has become the latest trend in cyber crime,” says Yuval Ben-Itzhak, CTO of Finjan.
“Cyber criminals will continue to be successful in their crimeware attacks, deploying the latest technologies, especially data-stealing Trojans. The optimal way to prevent malicious files from infecting PCs and corporate networks is active real-time content inspection that can inspect each and every piece of web content in real-time to detect malicious code without the need for signatures.”