Analysis and Prevention of SWF Trojans exploiting Flash Vulnerabilities

SWF Trojans appeared early. In the past, they mainly used system vulnerabilities to spread. This method is similar to many Trojans, so it is not outstanding. It was not until the SWF Trojan method exploiting Flash software vulnerabilities appeared that it quickly became one of the mainstream Trojan methods. Why is Flash software vulnerable SWF so powerful? The answer is as follows.

Jinshan Li tiejun: senior security engineer with more than 10 years of anti-virus experience.

SWF Trojans are very harmful. Why? It has two advantages: the first advantage is that Flash files in the SWF file format have a large installation volume, a large user base, and a large number of users may be hacked. Every time a new Flash Vulnerability occurs, SWF Trojans will crash.

The second advantage is that playing SWF files is normal and does not alert users, so the concealment of Trojans will be very high. Of course, the disadvantages of this method are also very obvious. After most users Install patches, the success rate will be greatly reduced.

Security Encyclopedia: SWF is the file format used by AdobeFlash for playing on the network. It is also the final format generated after the animation is created. Flash is widely used, and most users install it to browse SWF files.

Reveal SWF Trojan advantages

Why do Hackers love SWF and Trojan? Because the Flash Animation playing software corresponding to the SWF file is one of the essential software for installation, if you can mine the vulnerabilities in Flash, and then use the web page for Trojans, the bots will naturally flock. In addition, many people update Windows patches on a regular basis, but few frequently used software updates, which leads to Flash vulnerabilities being sought after and welcomed by hackers.

Hackers choose to use Flash SWF files to mount Trojans, just like the previous drug milk event. Although consumers trust the milk powder of regular manufacturers, they do not need to buy milk powder from other channels. However, due to its own quality control vulnerabilities and other problems, the real milk powder contains toxic ingredients, which finally poisoned consumers.

This is also true for Flash Animation. Many users believe that Flash will be installed. However, due to the vulnerability in Flash playback controls, although users have installed non-toxic Flash controls, however, web pages that exploit the Flash control vulnerability can also be found.

Security gossip: After the Flash Vulnerability is exposed, although the patch is released in time, millions of computers that have not updated the Security Patch in time are still implanted with Trojans. In addition, some malicious websites are also under attack. No matter whether visitors update security patches or not, the so-called security patches provided by the website are required to be updated. They are actually viruses.

SWF Trojan Attack and Defense recording

Mainstream SWF Trojans are achieved through Flash vulnerabilities. A hacker downloads a malicious SWF file, opens it on the Wordpad, and finds the URL of the EXE file. A hacker only needs to modify the link address to a Trojan and upload it to the website. When dealing with SWF Trojans, security defense engineers first upgrade the Flash version, add related security patches, block security vulnerabilities, and use some monitoring tools, monitors the updates of common software on company clients. In addition, some security auxiliary tools can be used to intercept webpage Trojans.

Security gossip: Due to the dangers of Flash vulnerabilities, when a vulnerability exploitation program occurs, hackers may even be fired for tens of thousands of yuan, but there are still many buyers. At the same time, the exposure of Flash vulnerabilities has made zombie transactions in hackers' circles popular again. In the IRC chat channels commonly used by hackers, bots trade in batches in thousands or even tens of thousands.