SWF for malware deployment
Mea culpa: Marian is apparently male, not female.
Marian Radu of the Microsoft Malware Protection Center has written about SWF being used for malware. He states:
"What I found out is that, excluding flash exploits, SWFs are mainly used as redirectors"
Yep, we know this ... that is why Flash is "the Typhoid Mary of the Internet".
I'm glad that Marian has written about the problem of malicious SWF, but I admit that this got my back up:
"More and more each day I see SWF files being sent to us as a potential part of a malware deployment chain. Most of the times it is not the case, but because of these special cases where the submitter was actually right, I decided to write this entry."
I don't know about you, but I am not too happy with the "special cases where the submitter was actually right" quip.
Regular readers of my blog will know that we have been fighting this problem for years - "we" being me, other security researchers such as Kimberley, every big advertising network there is (and lots of small ones), the web sites who have been victims, the end user victims themselves - every big name has been hit at some time or other - Microsoft, Google, Yahoo, AOL, Doubleclick, 247RealMedia and myriad advertising networks. For Marian to call the examples that he found "special cases" minimizes the existence of malicious SWF in a way that I find discomforting.
As for his statement:
"I’ve been spending part of today tracking down some SWF files that are part of “the dark side”."
I wish he had got in touch - I have thousands of samples available for his viewing pleasure on this machine alone.