25C3 -

25th Chaos Communication Congress
Nothing to hide

Day Day 3 (2008-12-29)
Room Saal 3
Start time 18:30
Duration 01:00
ID 2596
Event type lecture
Track Hacking
Language used for presentation en

SWF and the Malware Tragedy

Hide and Seek in A. Flash

This talk rounds up possible web-based attacks using Flash with a particular focus on obfuscation, de-obfuscation and the generic detection of malicious SWF.

While there are some tools out there to analyze AS2 and AS3 based SWF, using various techniques, analysis of SWF can become a nightmare. Starting with a closer look at recent Flash based attacks, this talk will explore ways to recognise these attacks in advance on the one hand, and means to make it even more difficult to prevent them on the other hand. On the way, we will see why and how attackers obfuscate ActionScript code and what methods will probably be used in the future to make detection of malicious payloads much harder.