Flash Redirection Poses Security Problems

Last Monday Information Week carried an article on Adobe’s Flash technology as a potential vector for malware writers to co-opt a computer. “The problem is that [Flash] .swf files are being actively manipulated by malware authors to deliver [malicious] ads, and it’s nothing to do with a particular vulnerability,” Alex Eckelberry, President and CEO of Sunbelt Software, explained to InfoWeek in an email.

InfoWeek states that Adobe released a security update on Dec 18th, the lack of user control means that computers are still at risk of “badvertising.” Due to hightened awareness about malware, its authors have begun to embed redirect links within .swf files. Theoretically those redirects can be screened by network personnel, yet they often fail to recognize the redirect within the ad.

Perhaps user awareness and the presence of competition within the market will encourage Adobe to create a product with more transparency that will return control to the end user.