Hackers will move to use rich content files next year
PDF and Flash files will be used by cybercriminals much more in 2009.
Finjan's Malicious Code Research Center has predicted that rich content files will be used to distribute malicious code.
In its web security trends report, MCRC claimed that cybercriminals are taking advantage of the specific functionality available in Flash ActionScript that enables the Flash file to interact with its hosted web page (DOM).
They embed their malicious code in Flash files and dynamically inject it into the hosting DOM to exploit a browser-vulnerability and to install a Trojan. Although Flash supports the functionality to prevent such interactions, many site owners are not using it.
The report further reveals that large advert networks that serve Flash-based banner ads do not prevent their ads from interacting with the hosting webpage. The lack of configuration by advertising networks to prevent this interaction, between the served Flash-based ad's ActionScript and the DOM, has become a new vector for cybercriminals to serve their malicious code undetected.
Yuval Ben-Itzhak, CTO of Finjan, said: “Using rich content applications such as Flash files to distribute malicious code has become the latest trend in cybercrime. Having the widespread distribution and the popularity of Flash-based ads on the web, their binary file format enables cybercriminals to hide their malicious code and later exploit end-user browsers to install malware.
“Cybercriminals will continue to be highly successful in their crimeware attacks, deploying the latest technologies, especially sophisticated data-stealing Trojans. By staying ahead of traditional security methods, they will keep on maximising their considerable profits.
“The optimal way to prevent malicious files from infecting PCs and corporate networks is active real-time content inspection technologies that can inspect each and every piece of Web content in real-time to detect malicious code without the need for signatures.”