Can ransomware spread through Flash object?
April 15, 2017 9:33 PM
I have been hearing what people are saying about ransomware.
Like 'you can get ransomware by just visiting a website', 'you can get infected by just watching a Flash movie (.swf)', or you can get infected for all kinds of stupid reasons.
Today I finally decided to move my heavy ass and search for it myself.
And what I found was that ransomware just has the same infection routine as other viruses: by plain executable.
Is this true?
If it is true, that means loading a Flash object is completely irrelevant to viruses.
Best answer: What people really mean when they say "infected by just watching a Flash movie" is that these are opportunities where people can attack your computer.
In an ideal world, a Flash movie (.swf file) that you download onto your computer is limited to a certain subset of safe actions (a sandbox, what aubilenon refers to above), such as streaming a video or displaying a prompt asking you to upload a file. A security vulnerability means that the Flash movie file can be written to do something outside of these allowed actions.
The most serious of these is referred to as "remote code execution", or that someone is able to run any code they want on your computer, that is contained in the Flash movie file that you downloaded. Often the code is used to download more malware or anything else and run it on your computer.
posted by meowzilla at 9:57 PM on April 15, 2017
Response by poster: Thanks mate.
So I indeed have to be careful about loading Flash objects from unknown webpages.
posted by Smilehoho at 9:59 PM on April 15, 2017
In theory: Yes.
Your computer could even be compromised by opening a picture on the web.
https://www.theregister.co.uk/2014/03/11/microsoft_adobe_patch_tuesday/
posted by yoyo_nyc at 10:03 PM on April 15, 2017
Sorry, I was mistaken about terminology. What I referred to above is "arbitrary code execution".
Flash seems to have a large number of these issues: for example, four days ago, Adobe reported that it fixed seven of these possibilities: Adobe April Flash Security Bulletins. Adobe does this on a monthly basis.
Flash is a popular target since it is something that requires additional steps to update, so many people do not bother to update it. An older version of Flash is known to have security vulnerabilities that Adobe has already fixed.
posted by meowzilla at 10:07 PM on April 15, 2017
There's a reason that most modern browsers block Flash by default these days (Java applets, too). For a while (not sure if still true), a big attack vector was via the ads you see on a web page, since they load from elsewhere, and not necessarily anybody affiliated with the site (usually at least two steps removed, via compromised accounts with ad networks). At least it seems most ad networks have realized that it's way too much of a liability to have Flash or Java ads these days.
In fact, some of these ads contain 'harmless' code that downloads code from elsewhere still, and then executes it, to get around the ad network's checks. I remember it being a big deal a while ago, when a site like Forbes started really cracking down on ad blockers, and then soon afterwards displayed/served ads that contained malware to those unlucky enough to not be using ad blockers, as Forbes had demanded they do.
Basically, you can never be too safe, though I think that even if you were victim to one of these ad attacks, you'd still have to be tricked/manipulated into installing/running something, which is probably what you saw when researching.
posted by destructive cactus at 10:30 PM on April 15, 2017 [1 favorite]
There have also been instances of malicious code being installed along with counterfeit Flash installers, notably the TeamViewer problem from a couple years ago. The malicious code would download other code that would then silently install TeamViewer in the background and allow affected machines to be remotely accessed.
posted by under_petticoat_rule at 4:42 AM on April 16, 2017 [1 favorite]
Use a browser, such as Chrome or Edge, that disables Flash by default. Here's a report of ransomware being delivered by Flash:
http://www.infoworld.com/article/3046531/security/ransomware-targets-flash-and-silverlight-vulnerabilities.html
https://blog.rackspace.com/reducing-ransomware-risk
"Most of the exploits result from Adobe Flash and Microsoft Silverlight vulnerabilities. While Microsoft has been diligent in patching these vulnerabilities, Adobe has had its difficulties. Google recently announced their decision to stop running display ads based on Flash at the beginning of 2017 (video ads will still be allowed)."
posted by at at 8:29 AM on April 16, 2017 [1 favorite]
I've seen a number of cases of ransomware, and most of them were delivered by an email with an attachment. Back up your data.
posted by theora55 at 8:41 AM on April 16, 2017
This thread is closed to new comments.
posted by aubilenon at 9:48 PM on April 15, 2017 [2 favorites]