no one is safe ...


SWF and the Malware Tragedy

The summary can be found on the CCC website.

Some shout outs:
Nicolas Cannasse
Mark Dowd
Ben Kurtz
Stefano di Paola
Jose Nazario

Flash is hard to analyse and so vulnerabilities are hard to detect. AS3 is not yet used extensively!

For analysis you have to run the Flash file ;)

Analysis methods:

  • Search for known patterns
  • Search for opcode occurrence (does the Flash banner have to load external URLs?)
  • Search for format inconsistencies (strings too short)
  • Count occurrences of functions and tags
  • Probability of variable names (nextid is more likely than n3k2hf7)
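
Two of the methods above, counting tags and searching for format inconsistencies, as an added Python example (not code from the talk or from erlswf). The sample files are constructed inside the code, and the helper names `tag` and `make_swf` are assumptions of this example.

```python
import struct
import zlib
from collections import Counter

# Tag codes from the SWF file format specification
TAG_NAMES = {0: "End", 1: "ShowFrame", 9: "SetBackgroundColor", 12: "DoAction", 82: "DoABC"}

def scan_swf(data):
    """Count tags in one SWF (bytes) and report format inconsistencies."""
    if data[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not an uncompressed or zlib-compressed SWF")
    body = zlib.decompress(data[8:]) if data[:3] == b"CWS" else data[8:]
    if len(body) < 5:
        raise ValueError("truncated SWF header")
    findings = []
    declared = struct.unpack_from("<I", data, 4)[0]
    if declared != len(body) + 8:
        findings.append("header length %d, actual %d" % (declared, len(body) + 8))
    # Skip the frame-size RECT (5-bit width + 4 fields), frame rate and frame count
    pos = (5 + 4 * (body[0] >> 3) + 7) // 8 + 4
    counts = Counter()
    while pos + 2 <= len(body):
        head = struct.unpack_from("<H", body, pos)[0]
        code, length, pos = head >> 6, head & 0x3F, pos + 2
        if length == 0x3F and pos + 4 <= len(body):  # long record header
            length = struct.unpack_from("<I", body, pos)[0]
            pos += 4
        counts[TAG_NAMES.get(code, "tag%d" % code)] += 1
        if pos + length > len(body):  # declared length runs past the data
            findings.append("tag %d overruns file by %d bytes" % (code, pos + length - len(body)))
            break
        pos += length
        if code == 0:  # End tag
            break
    return counts, findings

# Constructed sample input: `claimed` lets a tag lie about its payload length
def tag(code, payload=b"", claimed=None):
    n = len(payload) if claimed is None else claimed
    if n < 0x3F:
        return struct.pack("<H", code << 6 | n) + payload
    return struct.pack("<HI", code << 6 | 0x3F, n) + payload

def make_swf(tags):
    body = b"\x78" + bytes(8) + struct.pack("<HH", 12 << 8, 1) + b"".join(tags)
    return b"FWS\x08" + struct.pack("<I", len(body) + 8) + body

GOOD = make_swf([tag(9, b"\xff\xff\xff"), tag(12, b"\x00"), tag(12, b"\x00"), tag(1), tag(0)])
BAD = make_swf([tag(12, b"\x00", claimed=4096), tag(0)])
```

The tag counts can be compared against a baseline for the kind of file expected: a plain banner with several `DoAction` or `DoABC` tags stands out, and any finding means the file does not match its own declared structure.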

Tools: Live PoC Scanner, erlswf

erlswf
Few false negatives, considerably more false positives!
Deconstructs and analyzes SWF
Focus: SWFn+AS2 bytecode+ABC bytecode
