Adverts on major websites used by hackers to infect computers and deliver malicious payloads, via Flash apps

Concerns are increasing about the security risk posed by online advertisements after a series of high-profile security breaches on major web sites.

Adverts created using Flash, the web browser plug-in technology from Adobe, are being used to infect people's computers and deliver malicious software.

The latest website found to be carrying dangerous Flash ads is Gizmodo. Previous high-profile cases include the website of the New York Times, as well as other very popular websites. Flash ads have become a standard way of generating revenue from a website. It seems likely that teh majority of security breaches through Flash, on much less well-known web sites, occur either undetected or without being widely reported.

A blog post I wrote about the patch for a recent batch of security bugs identified in Flash and other Adobe products provides typical examples of the type of security issues that can arise in a web browser plug-in. Even without bugs, Flash puts a lot of power in the hands of Flash designers and ActionScript coders. There are various dcoumented ways in which a Flash app can be used for malicious purposes, and probably many more methods that haven't yet even been discovered.

28 October 2009

Tags: flash security malware spyware viruses ads online adverts infected ria silverlight browser plug-in