Title :
Analyzing and Detecting Malicious Flash Advertisements
Author :
Ford, Sean ; Cova, Marco ; Kruegel, Christopher ; Vigna, Giovanni
Author_Institution :
Dept. of Comput. Sci., Univ. of California, Santa Barbara, CA, USA
Abstract :
The amount of dynamic content on the Web has been steadily increasing. Scripting languages such as JavaScript and browser extensions such as Adobe´s Flash have been instrumental in creating Web-based interfaces that are similar to those of traditional applications. Dynamic content has also become popular in advertising, where Flash is used to create rich, interactive ads that are displayed on hundreds of millions of computers per day. Unfortunately, the success of Flash-based advertisements and applications attracted the attention of malware authors, who started to leverage Flash to deliver attacks through advertising networks. This paper presents a novel approach whose goal is to automate the analysis of Flash content to identify malicious behavior. We designed and implemented a tool based on the approach, and we tested it on a large corpus of real-world Flash advertisements. The results show that our tool is able to reliably detect malicious Flash ads with limited false positives. We made our tool available publicly and it is routinely used by thousands of users.
Keywords :
advertising; invasive software; Adobe Flash; JavaScript; OdoSwiff; Web-based interfaces; browser extensions; dynamic content; interactive ads; malicious Flash advertisement detection; malicious behavior identification; malware; scripting languages; Advertising; Animation; Application software; Computer displays; Computer science; Computer security; Instruments; Java; Testing; YouTube;
Conference_Titel :
Computer Security Applications Conference, 2009. ACSAC '09. Annual
Conference_Location :
Honolulu, HI
Print_ISBN :
978-0-7695-3919-5
DOI :
10.1109/ACSAC.2009.41
