How exploit packs are concealed in a Flash object

    • #44949
      hackerman1
      Moderator

        How exploit packs are concealed in a Flash object

        “One of the most important features of a malicious attack is its ability to conceal itself from both protection solutions and victims.
        The main role in performing a hidden attack is played by exploits to software vulnerabilities,
        that can be used to secretly download malicious code on the victim machine.
        Generally, exploits are distributed in exploit packs which appear in the form of plugin detects,
        (to identify the type and version of software installed on the user computer),
        and a set of exploits one of which is issued to the user if an appropriate vulnerability is found.

        Recently, we have come across a new technique used to hide exploit-based attacks: fraudsters packed the exploit pack in the Flash file.

        Downloading an Exploit
        The standard technique used in a drive-by attack is to compromise a web site with a link,
        leading to a landing page with the exploit pack.
        From there the pack uploads the necessary exploit onto the user computer.
        From the point of view of security software, this unmasks all the components of the exploit pack,
        because they are simply uploaded onto the landing page.
        As a result, the exploits and the plugin detects are visible in the web traffic.
        The criminals must mask each component separately if the attack is to go unnoticed.

        The unconventional new approach with the Flash package is definitely more efficient for criminals.
        The standard landing page is missing.
        The user follows the link to get to a page with a packed Flash object that turns out to be the exploit pack,
        and the configuration file in an image form.
        The packed Flash file with the exploit pack is loaded to a page in the browser and has the right to write to and modify the page,
        i.e. it can add exploits to the page which will then be executed.”

        Full story: https://securelist.com/analysis/publications/69727/how-exploit-packs-are-concealed-in-a-flash-object/

        It's a good idea to run the browser in a sandbox when watching videos... 😉
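For defenders inspecting web traffic, a Flash container has to be opened before its contents can be scanned. The following is an added example, not part of the original post or the quoted article: it reads the SWF header (signature, version, declared length, per the public SWF file format), inflates zlib-compressed bodies and reports two heuristic markers. The marker list, size cap, function names and sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

MAX_INFLATED = 32 * 1024 * 1024  # assumed cap to guard against decompression bombs
# Heuristic markers (assumption): ActionScript API names that let a SWF script
# the hosting page or load a second SWF from memory.
MARKERS = (b"ExternalInterface", b"loadBytes")


def inspect_swf(body: bytes) -> dict:
    """Classify a response body as SWF and scan its inflated contents."""
    if len(body) < 8 or body[:3] not in (b"FWS", b"CWS", b"ZWS"):
        return {"is_swf": False}
    sig = body[:3].decode("ascii")
    version = body[3]
    declared = struct.unpack("<I", body[4:8])[0]  # total length once inflated
    info = {"is_swf": True, "signature": sig, "version": version,
            "declared_len": declared, "markers": [], "notes": []}
    if sig == "FWS":  # uncompressed container
        data = body
    elif sig == "CWS":  # everything after the 8-byte header is zlib
        try:
            d = zlib.decompressobj()
            inflated = d.decompress(body[8:], MAX_INFLATED)
        except zlib.error as exc:
            info["notes"].append(f"zlib error: {exc}")
            return info
        if d.unconsumed_tail:
            info["notes"].append("inflated size exceeds cap")
        data = body[:8] + inflated
    else:  # ZWS (LZMA) is flagged for offline unpacking, not decoded here
        info["notes"].append("LZMA body not inspected")
        return info
    if len(data) != declared:
        info["notes"].append(f"length mismatch: got {len(data)}")
    info["markers"] = [m.decode() for m in MARKERS if m in data]
    return info


def make_sample() -> bytes:
    """Constructed sample: a CWS wrapper around placeholder bytes, not a real SWF."""
    payload = b"\x00" * 16 + b"flash.external.ExternalInterface" + b"\x00" * 16
    return b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(payload)) + zlib.compress(payload)


if __name__ == "__main__":
    print(inspect_swf(make_sample()))
    print(inspect_swf(b"<html>not flash</html>"))
```

A marker hit only means the object deserves a closer look, since legitimate Flash content uses the same APIs.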
