PDF and Flash files under threat from cryptic code

Disguised or hard-to-understand code is becoming more of a threat to Web 2.0 websites as criminals take advantage of JavaScript.

PDF and Flash files are under attack by criminals using 'code obfuscation' and the latest Web 2.0 techniques, according to a report by Finjan.

The new report claimed that malicious 'obfuscated code' - meaning source code or intermediate code which is very hard to read or understand - has now evolved into a serious threat.

It looked at examples where obfuscated code had not only been embedded in HTML web pages on legitimate websites, but also in rich-content files thanks to the use of JavaScript.

"Since JavaScript is the most-used scripting language for communication with web browsers, third-party applications such as Flash players, PDF readers and other multimedia applications have added support for JavaScript as part of their application," said Yuval Ben-Itzhak, chief technology officer of Finjan.

Ben-Itzhak said this offered crimeware authors ways to inject malicious code into rich-content files used by ads and user-generated content for Web 2.0 websites.

Obfuscated code has been around a while; it has reportedly been used since 2005 as a weapon for propagating malicious code. It was able to bypass the traditional signature-based solutions which had been used by security vendors.

Finjan claimed code obfuscation utilities and other encoding methods allowed cybercriminals to plant 'invisible' malicious code, which infected a user's machine every time they visited the malicious site.

Last year IT PRO looked at the threat posed by 'dynamic code obfuscation'.
