Hi you malware fighters,
Are you aware of this ongoing project?
http://blitzableiter.recurity.com/
This is a special tool to analyze Flash code before it is executed. It checks SWF file integrity and the presence of embedded ActionScript to block, and it will also recognize cross-site request forgery (CSRF) that could be used in an attack. It seems to work right according to this developer:
http://www.heise.de/newsticker/meldung/26C3-Schutz-gegen-Flash-Sicherheitsluecken-893588.html
In a test with 20 genuine Flash exploits Blitzableiter seems to detect OK; all attacks were detected. The tool can also make legitimate Flash files stop working. Of 95.000 tested SWF files, 92% appear to pass the "format" check, but only 82% survived all of the debugging procedure. According to developer Felix "FX" Lindner, the tool works on large Flash websites like YouTube as it should.
The biggest problems are with Flash files that try to hide their code. Often this could be typical for malware. Also, Blitzableiter demands quite some CPU, so it is not suitable for slow computers. Lindner said that the tool is still being developed. Just a couple of days ago McAfee called Adobe Flash code the number one hacker target for 2010.
polonus
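
To make the "format" check and the search for embedded ActionScript mentioned in the post concrete, here is an added example that is not part of the original post and is not Blitzableiter's code. It assumes the header layout and tag codes of Adobe's published SWF file format specification; `inspect_swf` and the sample bytes are constructed for illustration.

```python
import struct
import zlib

# Tag codes from the SWF file format specification that carry ActionScript.
SCRIPT_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC"}

# Constructed sample: uncompressed SWF v9, empty frame RECT, one DoAction tag
# holding a single ActionEnd byte, then the End tag.
SAMPLE_BODY = b"\x00" + b"\x00\x0c\x01\x00" + b"\x01\x03\x00" + b"\x00\x00"
SAMPLE = b"FWS\x09" + struct.pack("<I", 8 + len(SAMPLE_BODY)) + SAMPLE_BODY


def inspect_swf(data: bytes) -> dict:
    """Check basic SWF integrity and list tags that embed ActionScript."""
    if len(data) < 9:
        raise ValueError("too short for an SWF header")
    signature, version, declared_len = struct.unpack("<3sBI", data[:8])
    if signature == b"CWS":  # body after the 8-byte header is zlib-compressed
        try:  # cap the output at the declared size to resist zip bombs
            limit = max(declared_len - 8, 0) + 1
            body = zlib.decompressobj().decompress(data[8:], limit)
        except zlib.error as exc:
            raise ValueError(f"corrupt compressed body: {exc}") from exc
    elif signature == b"FWS":
        body = data[8:]
    else:
        raise ValueError(f"unsupported signature {signature!r}")
    if not body or declared_len != 8 + len(body):
        raise ValueError("empty body or declared length mismatch")
    # Skip the frame RECT (5-bit field width plus four fields, byte-aligned),
    # then the 2-byte frame rate and 2-byte frame count.
    pos = (5 + 4 * (body[0] >> 3) + 7) // 8 + 4
    script_tags = []
    while pos + 2 <= len(body):
        (header,) = struct.unpack_from("<H", body, pos)
        code, length, pos = header >> 6, header & 0x3F, pos + 2
        if length == 0x3F:  # long form: a 32-bit length follows
            if pos + 4 > len(body):
                raise ValueError("truncated long tag header")
            (length,) = struct.unpack_from("<I", body, pos)
            pos += 4
        if pos + length > len(body):
            raise ValueError(f"tag {code} overruns the file")
        if code in SCRIPT_TAGS:
            script_tags.append(SCRIPT_TAGS[code])
        pos += length
        if code == 0:  # End tag closes the stream
            return {"version": version, "script_tags": script_tags}
    raise ValueError("tag stream has no End tag")
```

Calling `inspect_swf(SAMPLE)` reports the version and the one `DoAction` tag; a file whose lengths do not add up raises `ValueError` instead of being passed on to a player.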