Adobe PDF and Flash are source of web attacks

"Attackers are finding new ways to stay one step ahead of security, exploiting ubiquitous Adobe Flash applications and PDF files, which many organizations and end users incorrectly assume are safe against compromise." was quoted in an article describing Adobe attacks on December 9th, 2008.

"In its Q4 Web Security Trends Report, Finjan Inc. says its Malicious Code Research Center (MCRC) has found that millions of PCs have been compromised by either Flash- or PDF-borne Web exploits, as crimeware writers widen their attack vectors and find new ways to evade detection and snare user machines." Flash is an application that allows animations in webpages. Flash is a specific type of webpage coding. The Flash exploits rely on basic Adobe ActionScript functionality to exploit browser vulnerabilities. Flash malware can be delivered through malicious banner ads. "Although most networks inspect the ads for security risks, their efforts are often insufficient." Adobe advises uses to set a parameter, "AllowScriptAccess," to "never," but is more typically set to "always." "This allows ActionScript to inject an IFRAME, which can then pull in malicious content and infect the end-user machine."

PDF a mistakenly considered as a safe file format to many. However they can be exploited through a pair of buffer overflow vulnerabilities. Adobe has patches for these flaws, but many machines aren't up to date. Starting with version 1.4, the PDF format includes JavaScript capabilities. The problem grew by the emergence of simply crimeware toolkits, such as Neosploit and Fiesta, which include PDF components that "enable attackers to obfuscate scripts within PDF files to execute Web exploits. Signature-based detection is not generally effective against these attacks, so antimalware engines must rely on real-time detection."

The best way to prevent these attacks seem to be by simply updating these programs since there are patches available. Perhaps Adobe should come up with an automatic software update, like Microsoft uses. This article is interesting to me because I use Flash coding all the time and I always felt like it was safer, even though I had nothing to support this reasoning. I also think this is interesting since we recently learned about web based attacks. It would be interesting to see if these programs are exploited in ways similar to cross-site scripting. I think it is also important that antivirus and spyware detection programs update their software to protect users against these attacks.

Sources:

Flash, PDF are growing malware targets
By Neil Roiter, Senior Technology Editor, Information Security magazine09 Dec 2008 SearchSecurity.com

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1341749,00.html