Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Oh goody. Another SWF display conduit to keep an eye on :o(

July 3rd 2008 in Uncategorized

Adobe Reader 9 has been released, and guess what, it can display SWF and FLV files… I wonder what implications this has for the security landscape surrounding malicious SWF. Are we going to have to watch out for PDFs which contain malicious SWF?

I simply do not have enough information to judge the safety implications (or otherwise) of this new Adobe Reader feature… I quote from the announcement on the Adobe Reader blog:

“Adobe Reader 9 can natively display rich media content, which you’ll notice immediately with Portfolios. Interested in viewing SWF and FLV files? Adobe Reader 9 is the answer.”

The first thing that occurs to me is that our number one complaint about malicious SWF is that there is no way for the end user to stop the initial hijack that exposes them to malicious domains. If Adobe Reader 9 prompts for user permission before opening a web browser, then in that way Adobe Reader is a safer way to view SWF. If, on the other hand, the Reader allows an SWF to open a web browser without user interaction, then we are facing yet another conduit to danger.

Source:  http://blogs.adobe.com/adobereader/2008/06/adobe_reader_9_is_here_1.html
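One way to check for the situation asked about above, a PDF carrying an embedded SWF, is to inspect each PDF stream object for a SWF file header. The Python scanner below is an example added here, not code from the original post or from Adobe; its function names, the `/RichMedia` annotation check, the version bound and the constructed sample PDF are assumptions of this example.

```python
import re
import struct
import zlib

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib-compressed, LZMA-compressed
# Triage-grade matcher for "obj << dict >> stream ... endstream", not a full PDF parser.
STREAM_RE = re.compile(
    rb"obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)

def swf_header(data):
    """Return (signature, version, declared_length) if data starts like a SWF file."""
    if len(data) < 8 or data[:3] not in SWF_MAGICS:
        return None
    version, length = data[3], struct.unpack("<I", data[4:8])[0]
    # Plausibility bounds (an assumption) cut false positives from stray "FWS" text.
    if not 1 <= version <= 50 or length < 8:
        return None
    return data[:3].decode(), version, length

def find_embedded_swf(pdf):
    """Report every stream object in the PDF bytes whose content begins with SWF."""
    findings = []
    for index, match in enumerate(STREAM_RE.finditer(pdf)):
        dictionary, body = match.group(1), match.group(2)
        if b"/FlateDecode" in dictionary:
            try:
                # Inflate only the first 64 bytes: enough for the header, bomb-safe.
                body = zlib.decompressobj().decompress(body, 64)
            except zlib.error:
                continue  # damaged or differently filtered stream: skip it
        header = swf_header(body)
        if header:
            findings.append({"stream": index, "swf": header})
    return findings

def has_rich_media(pdf):
    """True if the file declares a RichMedia annotation, the container for Flash."""
    return re.search(rb"/Subtype\s*/RichMedia\b", pdf) is not None

def build_sample_pdf():
    """Constructed sample: a harmless 8-byte SWF header inside a Flate stream."""
    swf = b"CWS" + bytes([9]) + struct.pack("<I", 64)
    packed = zlib.compress(swf)
    head = b"%PDF-1.7\n1 0 obj\n<< /Subtype /RichMedia >>\nendobj\n2 0 obj\n"
    meta = b"<< /Filter /FlateDecode /Length " + str(len(packed)).encode() + b" >>"
    return head + meta + b"\nstream\n" + packed + b"\nendstream\nendobj\n%%EOF\n"

if __name__ == "__main__":
    print(has_rich_media(build_sample_pdf()), find_embedded_swf(build_sample_pdf()))
```

A hit only shows that Flash content is present in the file; whether that content is malicious needs separate analysis of the extracted SWF.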

Oh, and while I think of it – the ActiveX changes in Internet Explorer 8 have the potential to make things safer for users when it comes to malicious SWF (and other ActiveX controls). This is because IE8 will allow the user to choose to install ActiveX for all users, or just one user on the computer, AND it will also introduce “per site” ActiveX. That is, when you are prompted to allow an ActiveX control to run, you will be able to choose to allow the control to run at that one web site, or all web sites. So, if you need Flash for one particular site, but don’t want Flash to be available to other sites, then you will be able to approve Flash for just that one site – cool, yes?

One comment to...
“Oh goody. Another SWF display conduit to keep an eye on :o(”


Also, how about advertisements in our PDFs – straight from the minds of Adobe and Yahoo. They put that on http://labs.adobe.com/
