Adverts on major websites used by hackers to infect computers and deliver malicious payloads, via Flash apps
Concerns are increasing about the security risk posed by online advertisements after a series of high-profile security breaches on major web sites.
Adverts created using Flash, the web browser plug-in technology from Adobe, are being used to infect people's computers and deliver malicious software.
The latest website found to be carrying dangerous Flash ads is Gizmodo. Previous high-profile cases include the website of the New York Times, as well as other very popular websites. Flash ads have become a standard way of generating revenue from a website. It seems likely that the majority of security breaches through Flash, on much less well-known web sites, occur either undetected or without being widely reported.
A blog post I wrote about the patch for a recent batch of security bugs identified in Flash and other Adobe products provides typical examples of the type of security issues that can arise in a web browser plug-in. Even without bugs, Flash puts a lot of power in the hands of Flash designers and ActionScript coders. There are various documented ways in which a Flash app can be used for malicious purposes, and probably many more methods that haven't yet even been discovered.
28 October 2009