InfoSec Handlers Diary Blog

      Comments Off on InfoSec Handlers Diary Blog

Malvertising malicious ads is a fairly fresh tackle an online crook method that seems focused on the setting up of undesirable or outright malicious program by using cyber web advertising media networks, exchanges and other user offered content publishing facilities common to the Social Networking space. The prime Malvertising vector active “in the wild” is due to the the client rendering of Adobe Flash SWF files that contain maliciously coded Flash ActionScript. In my own restricted but growing to be experience, Malicious SWF files may share a number of of right here characteristics:In light of a starting to be problem that has the capabilities to effectively place every web user at risk, even when only vacationing sites they’d in a different way fully trust, there’s at least a new tool accessible to assist the security researcher group with a method to better name malicious SWF files. The timing for this is astonishing, as I have individually only found out of this tool just this morning. This certain tool is the OWASP hosted project named ‘SWFIntruder’.

I could be doing my own deep dive into the particulars of it’s use for inclusion into my own SWF analysis tool bag. The private SWF evaluation tool bag happens to encompass two other freely available also cross platform SWF file decompilers:SWFIntruder : ategory:SWFIntruderswfdump : source availableand ‘flare’ : binary only :We may expand on how it’s possible you’ll believe making use of security mitigations for this threat type as a protection for the common user that may consist of your spouse, fogeys, children, company community users, etc. in a future diary. Please do write in together with your own insights into the malvertising challenge space.

See also  Part – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting – Modern Workplace