    hackerman1

    How exploit packs are concealed in a Flash object


    "One of the most important features of a malicious attack is its ability to conceal itself from both protection solutions and victims.
    The main role in performing a hidden attack is played by exploits to software vulnerabilities that can be used to secretly download malicious code on the victim machine. Generally, exploits are distributed in exploit packs which appear in the form of plugin detects (to identify the type and version of software installed on the user computer) and a set of exploits, one of which is issued to the user if an appropriate vulnerability is found.

    Recently, we have come across a new technique used to hide exploit-based attacks: fraudsters packed the exploit pack in the Flash file.


    Downloading an Exploit
    The standard technique used in a drive-by attack is to compromise a web site with a link leading to a landing page with the exploit pack.
    From there the pack uploads the necessary exploit onto the user computer.
    From the point of view of security software, this unmasks all the components of the exploit pack because they are simply uploaded onto the landing page.
    As a result, the exploits and the plugin detects are visible in the web traffic.
    The criminals must mask each component separately if the attack is to go unnoticed.

    The unconventional new approach with the Flash package is definitely more efficient for criminals.
    The standard landing page is missing.
    The user follows the link to get to a page with a packed Flash object that turns out to be the exploit pack and the configuration file in an image form.
    The packed Flash file with the exploit pack is loaded to a page in the browser and has the right to write to and modify the page,
    i.e. it can add exploits to the page which will then be executed."

    Full story: https://securelist.com/analysis/publ...-flash-object/

    It's a good idea to run the browser in a sandbox when watching videos....
    Last edited by hackerman1; 29th April 2015 at 11:54.
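
A static triage sketch for the kind of packed Flash object the quoted article describes, added here as an example; it is not code from the post or from Securelist. It assumes the tag codes from the SWF file format specification (82 = DoABC, 87 = DefineBinaryData) and treats a reference to `ExternalInterface` as the sign that the movie can call into the hosting page; the function names and the sample file are constructed for illustration.

```python
import struct
import zlib

def read_swf_body(data):
    """Return (version, uncompressed body that follows the 8-byte header)."""
    sig, version = data[:3], data[3]
    if sig == b"FWS":
        return version, data[8:]
    if sig == b"CWS":                      # zlib-compressed from byte 8 onward
        return version, zlib.decompress(data[8:])
    raise ValueError("not a SWF, or ZWS/LZMA which this sketch does not handle")

def iter_tags(body):
    """Yield (code, payload) for each tag after the frame header."""
    nbits = body[0] >> 3                   # RECT: 5-bit field width, then 4 fields
    pos = (5 + 4 * nbits + 7) // 8 + 4     # RECT bytes + frame rate (2) + frame count (2)
    while pos + 2 <= len(body):
        (hdr,) = struct.unpack_from("<H", body, pos)
        code, length = hdr >> 6, hdr & 0x3F
        pos += 2
        if length == 0x3F:                 # long tag: 32-bit length follows
            (length,) = struct.unpack_from("<I", body, pos)
            pos += 4
        yield code, body[pos:pos + length]
        pos += length
        if code == 0:                      # End tag
            break

def triage(data):
    """Summarise traits worth a closer look: compression, blobs, page access."""
    version, body = read_swf_body(data)
    findings = {"compressed": data[:3] != b"FWS", "version": version,
                "embedded_blobs": [], "uses_external_interface": False}
    for code, payload in iter_tags(body):
        if code == 87:                     # DefineBinaryData: u16 id, u32 reserved, data
            findings["embedded_blobs"].append(len(payload) - 6)
        if code == 82 and b"ExternalInterface" in payload:
            findings["uses_external_interface"] = True
    return findings

def build_sample():
    """Constructed, inert sample: CWS file with one binary blob and one DoABC tag."""
    def tag(code, payload):
        return struct.pack("<HI", (code << 6) | 0x3F, len(payload)) + payload
    body = bytes([0]) + b"\x00\x0c" + b"\x01\x00"   # empty RECT, 12 fps, 1 frame
    body += tag(87, struct.pack("<HI", 1, 0) + b"A" * 32)
    body += tag(82, b"\x00" * 4 + b"flash.external.ExternalInterface\x00")
    body += struct.pack("<H", 0)                    # End tag
    return b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
```

Calling `triage(build_sample())` reports a compressed version 10 file with one 32-byte embedded blob and an `ExternalInterface` reference. None of these traits is malicious on its own; together they mark a file for closer inspection.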
