Adobe Fuse and Flash Dangers - Malicious Web Advertising

Posted Monday, August 18, 2008 5:44 PM by hwaldron

This recent Sunbelt posting shares how malware writers are currently using these products to create malicious ads that can even appear on more popular mainstream sites if the webmasters aren't careful (e.g., Antivirus 2009).  I've had training in Dreamweaver and Cold Fusion Studio in the past and we've used Fuse at my prior company.  Fuse is a compilation tool and a good product as well.  

As Flash is the MOST WIDELY INSTALLED software product possibly in the Internet environment, it is being misused by the bad guys.  While Fuse itself is not a malicious product, this highly productive tool allows these malicious authors to compile and create professional looking banner ads.  Webmasters need to be viligant and test each sponsored ad for malware, as UNPATCHED versions of Flash can be used to redirect users to hostile sites or download malicious code.

Users need to be careful of banner ads and any encounters of Flash based objects on websites.  More importantly, they should ensure they are on the latest available version.

Unintended consequences and Fuse Kit
http://sunbeltblog.blogspot.com/2008/08/unintended-consequences-and-fuse-kit.html

QUOTE: Fuse Kit is a cool utility to create animations in Flash. Unfortunately, it’s popular with malware distributors, who are using it to create malicious advertisements.  These malicious advertisements get served on sites — even mainstream sites.

They push malware. (Just to make sure there’s no confusion, this is not a drive-by exploit. Typically the user will see a fake “system scan” message that “Your system is infected!”. If the user actually believes it and clicks “OK”, and then downloads and installs the “security software”, the infection will occur. However, it’s not to lighten the effect — it’s very devious social engineering.)

Star More from Sandi Hardmieir, who has been doing just about the best job of tracking these:

I am seeing reports of the malicious redirects remaining dormant for a week before visitors to victim web sites are hijacked and redirected to fraudware sites. Web sites simply *must* increase their due diligence checks with any new advertiser. It is going to take time, and it is going to cost money, but what alternative do web sites have if they want to protect and keep their readership, and if they want to avoid the inevitable end result of malvertizing, which is that more and more of visitors to their sites are going to block all advertising.

Additional Resources to ensure safer operations using FLASH

Adobe test site which will show latest version
(should be 9.0.124)
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507

How to manually update if needed
(Be sure to uncheck Google Toolbar)
http://www.adobe.com/products/flashplayer/ 

Adobe Flash Player Flaw - Massive Exploitation reported
http://msmvps.com/blogs/harrywaldron/archive/2008/05/29/adobe-flash-player-flaw-massive-exploitation-reported.aspx

Adobe Flash - How to disable and enable in IE 7 or IE 8
http://msmvps.com/blogs/harrywaldron/archive/2008/05/30/adobe-flash-how-to-disable-and-enable-in-ie-7-or-ie-8.aspx

Comments

No Comments