News-Flash! License to Kill

If you’re reading this in the comfort of your infinitely superior Mozilla Firefox, Google Chrome or Safari browser, warming at the thought of all those out there running Internet Explorer getting hit by all the malicious hacks, while you surf in comfortable bliss – think again. You might very well be one of them. You might very well be the reason your PC is the only one not constantly crashing in your office. You could very well be the assassin in your office, quietly killing off all those other clients on the network…

I’d like you to meet Adobe Flash. Innocent, helpful, flexible, runs-on-every-browser Flash. Just don’t say we didn’t warn you when Kevin, the quiet YouTube-a-holic in your office, causes everyone’s PC to crash when he watches his favourite video…

The A-Team Garage

Ok – so maybe I’m exaggerating a little to get the message across, but let’s think about this a little more – if I, Ted, chief virus and spybot creator at Dodge Ltd, wanted to create something and maximize the damage and distribution, what would I need? Let’s use the A-Team example and try to imagine what ridiculous garage we can lock our creation into – one that just happens to have everything it will need to come out all guns blazing:

  1. I would need people to unknowingly download my creation
  2. I would like you to help me spread the virus
  3. I would want to be able to propagate it to PCs behind firewalls so that my zombie network will grow
  4. I would not have to worry about what OS you are running (or what version of Windows maybe)
  5. I would like to have my creation auto-update to the latest version whenever it can.

Now – let’s say 4-5 years ago I would have maybe made my creation use some exploit in Internet Explorer, as it was the most used browser in play. Notice I said most-used there. Sure, lots of people might prefer Firefox over Internet Explorer – but out-of-the-box installs purchased by Average Joe will start with Internet Explorer on them, and in most cases that’s what people stay with – they go with what they are familiar with.

With other browsers out there now the field is wider; IE8, IE7, IE6, Firefox, Chrome, Safari and Opera. What do they all have in common? Flash.

Wanted: License To Kill

I create a nice Flash-based game/video that has an average playtime of 2-3 mins. That’s about long enough to prevent someone losing interest and just the right length for a quick office interlude when you sit down at your desk with a nice fresh cup of coffee. I make it cute and easy to use, maybe even fun. I add some additional code so that while you are watching/playing my creation it’s downloading all it needs to do its dirty work.

Now that we have our creation built and we know what horror it will wreak on hapless PCs, let’s review the helper criteria we looked at above:

  1. I would need people to unknowingly download my creation
    CHECK: You have no idea what the Flash app you’re loading will do before it loads – chances are it has already fully loaded by the time you see anything on your screen. I’m ready to play with – all I need is for you, the user, to grant me my License To Kill by clicking ‘Play’.
  2. I would like you to help me spread the virus
    CHECK: My creation is cute and fun and popular. It’s on the top-ten-things-to-do-while-having-a-coffee-at-your-desk list. You keep sending it to all your friends and colleagues, telling them how much fun it is so that they too can experience the joy of Frankenflash.
  3. I would want to be able to propagate it to PCs behind firewalls so that my zombie network will grow
    CHECK: Flash isn’t usually blocked by most firewalls/proxies, unless the site is restricted (e.g. No YouTube at work, thank-you). Your lovely browser, with all its security updates, running its man-of-steel version of Windows, is about to download Kryptonite v1.0.
  4. I would not have to worry about what OS you are running (or what version of Windows maybe)
    POSSIBLE CHECK: Ok, so Linux and MacOS folks are maybe safer here than others, but if I’m clever enough I can create something that will ignore the OS on the victim’s PC and just hose the network. How about a Flash game that keeps downloading http://www.company-i-dont-like.com in the background? If I can’t murder other PCs I’ll at least try to murder the network.
  5. I would like to have my creation auto-update to the latest version whenever it can.
    CHECK: My game/video is popular, so popular in fact that you bookmark it. It’s a handy game of Solitaire that you play for 5-10 mins when you want some much needed down-time after that TPS report. Every time you visit me to play, I serve you the latest version of my creation.

Self Preservation

The easiest way to protect yourself from these types of attacks is not to have Flash load automatically. I’m not saying avoid Flash – I use it every day myself – just allow Flash content only from the sites and people that you trust. It’s not a guarantee, but it’s an easy way to prevent this type of attack.

Myself – I’m a Firefox user, and although other browsers are just as good, what I like about Firefox is the ubiquity of its AddOns. Meet FlashBlock (https://addons.mozilla.org/en-US/firefox/addon/433) – a simple AddOn that prevents Flash on websites from loading automatically, so that you can choose whether or not to have it load – or only load the parts you want. There’s also a setting so that you can always-allow Flash from a certain site, so that it doesn’t become a pain if you often visit a Flash-heavy site that you trust.

There’s also the added benefit that today a large portion of Ads on internet sites are Flash-based and by having FlashBlock installed you are spared having 10 different Ads on the page trying to get your attention.

Want to know more?

Although what we’ve talked about above is probably over-simplified, there are currently several known vulnerabilities in Flash, some of which have already been used in the field. If you’re interested in finding out more, the two links below are a good place to begin the trail:

http://arstechnica.com/security/news/2009/07/flash-security-vulnerability-exploited-in-pdfs.ars

http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/

If you would like to talk to someone here at iPing about your Internet Security just drop us a LINE and we would be delighted to help.


3 Responses to “News-Flash! License to Kill”

  1. Alfie says:

    Hi Ted,

    I really like that article and I will think twice before I play another flash game on my lunch break.

    Alfie

  2. Mike says:

    Interesting reading Ted. Just saw the article on The Register and thought you’d be interested http://www.theregister.co.uk/2010/01/22/twitter_account_hijacking/

    Mike

  3. Luffie says:

    My home is only 1400 feet away from a 733 foot, 50,000 watt radio tower and another smaller radio tower next to it. In the past, I’ve had problems with my garage door opening with the remote. Now, my new computer is acting up. Sometimes when I start it up it just gets to the desktop and doesn’t load anything. No matter what I click nothing loads or happens. I scanned it with 3 different anti-virus/spyware programs and nothing was found. The room it’s in has a window facing directly at the towers. I blocked the window with some stuff and the computer works normally so far. Could the electromagnetic radiation be affecting my PC? I’ve had problems with numerous other electronics and r/c toys in the past also. santoramaa
