Wednesday, 27 May 2009

Random Musings - Day #147 (Shockwave Remix)

Shocked by shockwave
I picked up a bit of a virus/malware infection, arguably when looking for software to decompile Shockwave Flash files. I am assuming that was what caused it. Sophos did a poor job as the last line of defense: it found the malware too late. Anyway, how do you stop it? It is very easy to pick up malware. It can be disguised as legitimate software, or picked up via drive-by downloads, i.e. when visiting a site, it redirects you to another site (using JavaScript). If you are paranoid, you should really use NoScript for Firefox.

Shockwave decomposition
For now let's have a look at some articles about securing Shockwave Flash files. Flash is of course made by Adobe, and they have their own guide to securing Shockwave Flash files. Passing arguments into Flash files (FlashVars) can be liable to code injection, so knowing how it works is a good start, as seen on flashmove.com and the ActionScript forums. The allowNetworking parameter is another one that ideally shouldn't be set.
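As an added example (not code from the original post, and not Adobe's own guidance), here is how a page that embeds an SWF can validate the arguments it passes in via FlashVars and set the player's allowScriptAccess/allowNetworking parameters restrictively, so that an attacker-controlled value cannot turn into script when the movie hands it to getURL()/navigateToURL(). The function names, the FlashVar rule table and the sample values are assumptions made for this illustration; the same URL check belongs inside the movie's ActionScript wherever a FlashVar reaches a navigation call.

```javascript
// Added example (not from the original post): building an <object> tag for an
// SWF so that attacker-controlled FlashVars cannot become script.
// buildSwfEmbed, FLASHVAR_RULES and the sample values are assumptions.

// Per-FlashVar validation rules: which variables are URLs and which are plain
// tokens. Anything not listed is refused rather than passed through.
const FLASHVAR_RULES = {
  clickTAG: "url",   // classic ad-banner redirect target
  xmlPath: "url",    // config file the movie loads
  theme: "token",    // simple identifier
};

// Only absolute http(s) URLs are accepted as URL-valued FlashVars. This blocks
// javascript:, data:, vbscript: and protocol-relative values.
function isSafeUrl(value) {
  let url;
  try {
    url = new URL(value);
  } catch (e) {
    return false;   // relative or malformed: reject
  }
  return url.protocol === "http:" || url.protocol === "https:";
}

function isSafeToken(value) {
  return /^[A-Za-z0-9_-]{1,64}$/.test(value);
}

// Returns the validated FlashVars, or throws on the first bad one.
function validateFlashVars(flashVars) {
  const out = {};
  for (const [name, value] of Object.entries(flashVars)) {
    const rule = FLASHVAR_RULES[name];
    if (rule === undefined) throw new Error(`unknown FlashVar: ${name}`);
    const str = String(value);
    const ok = rule === "url" ? isSafeUrl(str) : isSafeToken(str);
    if (!ok) throw new Error(`rejected FlashVar ${name}`);
    out[name] = str;
  }
  return out;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Build the embed markup with restrictive player parameters:
//   allowScriptAccess="never"  - the movie cannot call into the page's JS
//   allowNetworking="internal" - navigation/browser APIs (getURL, fscommand,
//                                ExternalInterface) are disabled while the
//                                movie can still load its own data; pass
//                                { networking: "none" } if it needs no network
function buildSwfEmbed(swfUrl, flashVars, opts = {}) {
  if (!isSafeUrl(swfUrl)) throw new Error("swf url must be absolute http(s)");
  const vars = validateFlashVars(flashVars);
  const qs = Object.entries(vars)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
  const networking = opts.networking === "none" ? "none" : "internal";
  return (
    `<object type="application/x-shockwave-flash" data="${escapeAttr(swfUrl)}" width="300" height="250">` +
    `<param name="movie" value="${escapeAttr(swfUrl)}">` +
    `<param name="allowScriptAccess" value="never">` +
    `<param name="allowNetworking" value="${networking}">` +
    `<param name="allowFullScreen" value="false">` +
    `<param name="flashvars" value="${escapeAttr(qs)}">` +
    `</object>`
  );
}

// Constructed sample input: one legitimate and one hostile clickTAG.
const GOOD_VARS = { clickTAG: "https://example.com/landing", theme: "dark" };
const BAD_VARS = { clickTAG: "javascript:alert(1)", theme: "dark" };

// Returns the safe markup and whether the hostile input was rejected.
function demo() {
  const markup = buildSwfEmbed("https://example.com/banner.swf", GOOD_VARS);
  let rejected = false;
  try {
    buildSwfEmbed("https://example.com/banner.swf", BAD_VARS);
  } catch (e) {
    rejected = true;
  }
  return { markup, rejected };
}
```

Call `demo()` to see the generated markup for the legitimate input and confirm the hostile clickTAG is refused before it ever reaches the player. The allow-list of FlashVar names is deliberate: an unknown variable is an error, not something to pass along and hope the movie ignores it.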

Shockwave Vulnerabilities
There are some articles about vulnerabilities in Shockwave Flash files. Examples of vulnerabilities found in common applications using Flash can be seen on xssed.com. There is a Flash advisory as well.

Shockwave Decompilers
There are a number of tools to decompile Flash. Some of these may or may not contain MALWARE! Be warned!
SoThink SWF Decompiler (latest version is 5) is available from Softpedia. Flare v0.6 from HP is another readily available decompiler. There is an open source tool sitting at OWASP called SWFIntruder, and the code is out there to access as well. More details about SWFIntruder can be found on the OWASP site and on Google Code. You can also use a combination of these.
Flare 0.6 is available for use. HP has a search page for SWFScan; SWFScan is a free scanner with some restrictions. Decompile Flash is another tool that focuses on the decompiled Flash code. The same goes for Free Flash Decompiler Gold.
