> Date: Tue, 11 Dec 2007 00:22:43 -0800
> From: "Daniel H. Renner" <[EMAIL PROTECTED]>
> To: [email protected]
> Subject: Re: [funsec] Malvertising
>
> As was seen when MySpace visitors were hit last October in attacks via
> advertising banners, and a year ago when 1 million MySpace visitors were
> hit via banners, and when Falk-Ag was hit, and when...
>
> Can you say "hosts file"?

I can. But how does this help?

>
> Sincerely,
>
> Daniel H. Renner
> President
> Los Angeles Computerhelp
> A division of Computerhelp, Inc.
> 818-352-8700
> http://losangelescomputerhelp.com
>
>
>
> [EMAIL PROTECTED] wrote:
> > Date: Thu, 6 Dec 2007 21:53:45 -0600
> > From: <[EMAIL PROTECTED]>
> > Subject: [funsec] Malvertising
> > To: <[email protected]>
> > Message-ID: <[EMAIL PROTECTED]>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > http://isc.sans.org/diary.html?storyid=3727
> >
> >
> >
> > Malvertising
> >
> > Published: 2007-12-06,
> > Last Updated: 2007-12-06 17:06:55 UTC
> > by William Salusky (Version: 1)
> >
> > Malvertising (malicious advertising) is a reasonably fresh take on an online
> > criminal methodology that appears focused on the installation of unwanted or
> > outright malicious software through the use of internet advertising media
> > networks, exchanges and other user supplied content publishing services
> > common to the Social Networking space. The most popular Malvertising vector
> > active "in the wild" is a result of the client rendering of Adobe Flash SWF
> > files that contain maliciously coded Flash ActionScript. In my own limited
> > (but growing) experience, Malicious SWF files may share one or more of the
> > following features:
> >
> > * They are often protected from casual swf decompiler tools through the
> >   use of commercial SWF encryption tools
> > * May contain complex de-obfuscation routines to hide the actual
> >   intent of any embedded ActionScript.
> > * May directly contain exploit code used to attack the client
> > * May act solely as the drive-by vector in performing a 'GetURL'
> >   equivalent referral to the actual upstream exploit host
> > * May primarily be a Social Engineering attack to confuse or trick a
> >   user into accepting the installation of software
> > * Contains time sensitive payloads which do not go 'live' until a
> >   specific date and time.
> >
> > In light of a growing problem that has the potential to effectively place
> > every internet user at risk, even when only visiting sites they would
> > otherwise fully trust, there is at least a new tool available to assist the
> > security researcher community with a means to better identify malicious SWF
> > files. The timing for this is excellent, as I have personally only learned
> > of this tool just this morning. This particular tool is the OWASP hosted
> > project named 'SWFIntruder'. I will be doing my own deep dive into the
> > details of its use for inclusion into my own SWF analysis tool bag. The
> > personal SWF analysis tool bag happens to include two other freely available
> > (also cross platform) SWF file decompilers:
> >
> > SWFIntruder : https://www.owasp.org/index.php/Category:SWFIntruder
> > swfdump : http://www.swftools.org/ (source available)
> > and 'flare' : http://www.nowrap.de/flare.html (binary only) :(
> >
> > We may expand on how you might consider applying security mitigations for
> > this threat type as a protection for the average user which may include your
> > spouse, parents, children, corporate network users, etc... in a future
> > diary. Please do write in with your own insights into the malvertising
> > problem space.
> >
> > William Salusky
> > Handler on Duty :)
> >
> >
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

-------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1
San Jose, CA 95134

I am perfectly capable of learning from my mistakes. I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch. Freedom is a well armed sheep contesting the results of the
decision."
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
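The diary quoted in this thread lists, among the traits of a malicious ad SWF, acting "solely as the drive-by vector in performing a 'GetURL' equivalent referral to the actual upstream exploit host", and the hosts-file suggestion only works once that upstream hostname is known. The first thing a researcher does with a captured ad SWF is therefore pull the URL literals out of its ActionScript. What follows is an added example, not code from the thread, from the SANS ISC diary, or from SWFIntruder, swfdump or flare: a small Python static scanner that decompresses a CWS file, walks the tag stream and returns every URL literal found in DoAction, DoInitAction and nested DefineSprite bytecode (ActionGetURL operands, ActionPush strings and ActionConstantPool entries). The fixture it scans is constructed inside the block and every hostname in it is hypothetical. As the diary's first two bullets warn, a SWF wrapped by a commercial encryption tool, or one that assembles its URL at runtime, yields nothing to this walk; that is where a decompiler or a sandboxed run takes over.

```python
"""Static scan of a SWF's AVM1 ActionScript for URL literals (added example)."""
import re, struct, zlib

TAG_END, TAG_SHOW_FRAME, TAG_DO_ACTION, TAG_DEFINE_SPRITE, TAG_DO_INIT_ACTION = 0, 1, 12, 39, 59
ACT_END, ACT_GET_URL, ACT_CONSTANT_POOL, ACT_PUSH = 0x00, 0x83, 0x88, 0x96
URL_RE = re.compile(rb"^(?:https?|ftp)://", re.I)
PUSH_SIZES = {1: 4, 2: 0, 3: 0, 4: 1, 5: 1, 6: 8, 7: 4, 8: 1, 9: 2}  # ActionPush operand size by type (0 = string)

def _cstr(buf, pos):
    """NUL-terminated string at pos -> (bytes, position after the NUL)."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end], end + 1

def swf_body(data):
    """Tag stream after the 8-byte header. FWS is plain, CWS is zlib (SWF 6+); ZWS (LZMA) is not handled."""
    if data[:3] == b"FWS":
        return data[8:]
    if data[:3] == b"CWS":
        return zlib.decompress(data[8:])
    raise ValueError("unsupported SWF signature %r" % data[:3])

def header_fields_len(body):
    """Bytes used by RECT (bit-packed, Nbits in the top 5 bits) + UI16 frame rate + UI16 frame count."""
    return (5 + 4 * (body[0] >> 3) + 7) // 8 + 4

def iter_tags(buf, pos):
    # Yield (code, payload) per RECORDHEADER until the End tag is seen.
    while pos + 2 <= len(buf):
        (hdr,) = struct.unpack_from("<H", buf, pos)
        code, length, pos = hdr >> 6, hdr & 0x3F, pos + 2
        if length == 0x3F:                      # long form: SI32 length follows
            (length,), pos = struct.unpack_from("<i", buf, pos), pos + 4
        yield code, buf[pos:pos + length]
        pos += length
        if code == TAG_END:
            return

def scan_actions(actions):
    """[(source, url)] for URL literals in one ACTIONRECORD stream."""
    found, pos = [], 0
    while pos < len(actions) and actions[pos] != ACT_END:
        code, pos = actions[pos], pos + 1
        if code < 0x80:                         # codes below 0x80 carry no operands
            continue
        (length,) = struct.unpack_from("<H", actions, pos)
        data, pos = actions[pos + 2:pos + 2 + length], pos + 2 + length
        if code == ACT_GET_URL:                 # UrlString, then TargetString
            found.append(("GetURL", _cstr(data, 0)[0].decode("latin-1")))
        elif code == ACT_CONSTANT_POOL:         # UI16 count, then strings
            p = 2
            while p < len(data):
                s, p = _cstr(data, p)
                if URL_RE.match(s):
                    found.append(("ConstantPool", s.decode("latin-1")))
        elif code == ACT_PUSH:                  # typed values; type 0 is a string
            p = 0
            while p < len(data):
                ptype, p = data[p], p + 1
                if ptype != 0:
                    p += PUSH_SIZES[ptype]
                    continue
                s, p = _cstr(data, p)
                if URL_RE.match(s):
                    found.append(("Push", s.decode("latin-1")))
    return found

def scan_tags(buf, pos, found):
    # Follow DoAction, DoInitAction and nested DefineSprite tags.
    for code, payload in iter_tags(buf, pos):
        if code == TAG_DO_ACTION:
            found.extend(scan_actions(payload))
        elif code == TAG_DO_INIT_ACTION:        # UI16 sprite id, then actions
            found.extend(scan_actions(payload[2:]))
        elif code == TAG_DEFINE_SPRITE:         # UI16 id, UI16 frame count, nested tags
            scan_tags(payload, 4, found)
    return found

def swf_urls(data):
    body = swf_body(data)
    return scan_tags(body, header_fields_len(body), [])

def build_sample_swf(compress=False):
    """Constructed fixture, not a real ad; every hostname is hypothetical."""
    def tag(code, payload):                     # short RECORDHEADER when it fits, else long
        if len(payload) < 0x3F:
            return struct.pack("<H", (code << 6) | len(payload)) + payload
        return struct.pack("<Hi", (code << 6) | 0x3F, len(payload)) + payload
    def action(code, data):
        return bytes([code]) + struct.pack("<H", len(data)) + data
    main = (action(ACT_PUSH, b"\x00http://second.example/x\x00")    # operand a GetURL2 would consume
            + action(ACT_GET_URL, b"http://dropper.example/load.php\x00_blank\x00")
            + bytes([ACT_END]))
    sprite = (struct.pack("<HH", 1, 1)
              + tag(TAG_DO_ACTION, action(ACT_GET_URL, b"http://third.example/\x00\x00") + bytes([ACT_END]))
              + tag(TAG_SHOW_FRAME, b"") + tag(TAG_END, b""))
    body = (bytes([0x08, 0x00]) + struct.pack("<HH", 12 << 8, 1)   # RECT with Nbits=1, 12 fps, 1 frame
            + tag(TAG_DO_ACTION, main) + tag(TAG_DEFINE_SPRITE, sprite)
            + tag(TAG_SHOW_FRAME, b"") + tag(TAG_END, b""))
    hdr = bytes([8]) + struct.pack("<I", 8 + len(body))             # version 8, uncompressed file length
    return b"CWS" + hdr + zlib.compress(body) if compress else b"FWS" + hdr + body
```

On a captured file, swf_urls(open("ad.swf", "rb").read()) returns the (source, url) pairs in tag order; on the constructed fixture it yields the pushed URL, the GetURL target and the URL hidden in the sprite, whether or not the file is zlib-wrapped. The hostnames it extracts are exactly what a hosts-file entry or proxy block would need, which also shows the limit of that mitigation: the creative has to be caught and analysed before it can be blocked, and a time-gated or obfuscated one gives up nothing until it fires.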
