Adobe Flash Language Used to Hide Malicious Code
New research has found attackers are abusing Adobe System's ActionScript programming language to dodge anti-malware defenses.
Adobe has faced a number of challenges in the area of security during the past year, as hackers have increasingly honed in on some of its most popular products, in particular Adobe Flash, Reader and Acrobat. Of the 15 most exploited vulnerabilities observed by M86, four involved Adobe Reader. The report also (PDF) found that Java-based exploits are on the rise.
"Over the past few months, a number of Java related exploits have been actively used in the wild," according to the report. "The most popular of these Java vulnerabilities are CVE-2010-0842, CVE-2009- 3867, CVE-2008-5353, CVE-2010-1423...With this kind of success, we expect Java-based exploits to continue to remain a popular weapon of choice for attacks in the wild."
"Traditional methods such as spambots and dynamic code obfuscation are still very much in use," said Bradley Anstis, vice president of technology strategy at M86, in a statement. "However the first half of 2010 has also seen the emergence of new advanced methods as seen in the new combined attacks. Cybercriminals continue to try and outsmart even the latest Internet security protection mechanisms."