Flash exploits…not just for browsers anymore

Researchers at TrendLabs have identified new attack vectors for Flash vulnerabilities uncovered by HackingTeam. Instead of targeting users through targeted phishing campaigns that directed them to websites with malicious content. The team has found Flash malware embedded in office documents.

This is a change as more normally Microsoft Office attachments are targeted with macros etc. that target the Office suite of applications, sometimes calling out from them to get additional pieces of malware. In these new instances, the Office documents are just transporting an embedded Flash vulnerability. If the exploit succeeds, it is used to download the actual malware payload.

In the HackingTeam versions of this attack method, they would embed a Flash file which then would download the exploit.

To make detection more difficult, HTTPS is used to encrypt network traffic and at times the malware use is encrypted with a random 4-byte key.

Best Practices:

As always it is best to keep your Flash software up to date and either choose “click-to-play” in browsers or disable Flash entirely. These controls only work against attacks that use Flash in the browser. Flash in Microsoft Office is not protected by this. Completely disabling or removing Flash from your system is a better solution. Windows users can also use kill bits to disable Flash from running.

Leave a Reply