AdJail: practical enforcement of confidentiality and integrity policies on web advertisements
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
WebPatrol: automated collection and replay of web-based malware scenarios
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
HARMUR: storing and analyzing historic data on malicious domains
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
SHELLOS: enabling fast detection and forensic analysis of code injection attacks
SEC'11 Proceedings of the 20th USENIX conference on Security
Knowing your enemy: understanding and detecting malicious web advertising
Proceedings of the 2012 ACM conference on Computer and communications security
FlashDetect: actionscript 3 malware detection
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Jarhead analysis and detection of malicious Java applets
Proceedings of the 28th Annual Computer Security Applications Conference
POSTER: trend of online flash XSS vulnerabilities
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
The amount of dynamic content on the web has been steadily increasing. Scripting languages such as JavaScript and browser extensions such as Adobe's Flash have been instrumental in creating web-based interfaces that are similar to those of traditional applications. Dynamic content has also become popular in advertising, where Flash is used to create rich, interactive ads that are displayed on hundreds of millions of computers per day. Unfortunately, the success of Flash-based advertisements and applications attracted the attention of malware authors, who started to leverage Flash to deliver attacks through advertising networks. This paper presents a novel approach whose goal is to automate the analysis of Flash content to identify malicious behavior. We designed and implemented a tool based on the approach, and we tested it on a large corpus of real-world Flash advertisements. The results show that our tool is able to reliably detect malicious Flash ads with limited false positives. We made our tool available publicly and it is routinely used by thousands of users.