It’s no secret that hackers have myriad attack techniques in their arsenals to infect unsuspecting and unprotected users. One strategy – that is not new, but has been increasingly leveraged recently – is the use of malware-laced Flash advertisements to infiltrate and expand the attack vector.
In fact, experts noted that Flash-based ad banners have become so widely utilized among cybercriminals, that they could outpace other more complex infection approaches. The technique is quite simple: A user logs onto a popular website, clicks on a Flash banner advertisement which redirects them to a malware-containing website that in turn infects their computer.
Once the malware worms its way into the system, the machine can be leveraged by hackers to circulate additional spam and provide a launch pad for attacks on other users. Cybercriminals can also scan the infected computer to gain access to sensitive information including authentication credentials and financial data to be used for identity theft and other fraudulent pursuits.
Because this approach is becoming so popular within the hacker community, preventing attacks is increasingly difficult.
“Manually examining Flash advertisements for malicious behavior is infeasible given the volume of advertisements that are produced,” noted members of the University of California’s Department of Computer Science. “The current situation motivates the need for improved techniques to identify malicious Flash applications, and, in particular, advertisements.”
Compounding this issue is the fact that the Adobe Flash tool is so widely utilized; recent statistics show over 1 billion users have the player installed.
“The most dangerous online advertisement is a Flash banner,” stated a Bromium Labs report. “The danger of Flash redirects is that they don’t necessarily cause harm and therefore are hard to detect and block.”
The best approach to protecting against malicious ads of this kind is to utilize a layered security strategy alongside secure online activities. Users should avoid clicking on banner ads, and install computer monitoring software and an Anti-Virus program to scan their systems for any suspicious actions on the network.