In a new report, M86 Security observed a new trend of attackers abusing Adobe's ActionScript to obfuscate malicious code. ActionScript is the programming language of the Adobe Flash platform.
New research has found attackers are abusing Adobe System's
ActionScript programming language to dodge anti-malware defenses.
ActionScript is the programming language of the Adobe Flash
platform. In a recap of the threat landscape for the first six months
of 2010, M86 Security reported observing attackers combining
"Due to the widespread adoption of Adobe Flash across the Web, Flash
continues to remain a popular choice for developers, particularly in
the realm of Web development," the researchers wrote. "What is less
parent page. This little known fact is exactly the feature being abused by attackers today
Using the predefined functionality in ActionScript for
"ExternalInterface," attackers can produce a two-way communication
"To analyze the code in this case we need both the ActionScript and
system is insufficient for the correct analysis. Dividing the function
between the two types of script hinders most of the new, proactive
Adobe has faced a number of challenges in the area of security
during the past year, as hackers have increasingly honed in on some of
its most popular products, in particular Adobe Flash, Reader and
Acrobat. Of the 15 most exploited vulnerabilities observed by M86, four
involved Adobe Reader. The report also
(PDF) found that Java-based exploits are on the rise.
The most common attack scenario, the researcher wrote, is as
legitimate site that redirects the browser to a malicious Web page that
includes an embedded, malicious Java applet.
"Over the past few months, a number of Java related exploits have
been actively used in the wild," according to the report. "The most
popular of these Java vulnerabilities are CVE-2010-0842, CVE-2009-
3867, CVE-2008-5353, CVE-2010-1423...With this kind of success, we expect
Java-based exploits to continue to remain a popular weapon of choice
for attacks in the wild."
"Traditional methods such as spambots and dynamic code obfuscation
are still very much in use," said Bradley Anstis, vice president of
technology strategy at M86, in a statement. "However the first half of
2010 has also seen the emergence of new advanced methods as seen in the
new combined attacks. Cybercriminals continue to try and outsmart even
the latest Internet security protection mechanisms."