Spammers bypass filters with SWF file redirects

By

Spammers are stepping up their use of Shockwave Flash file redirects to avoid detection.


Spammers are stepping up their use of Shockwave Flash (SWF) file redirects to avoid detection, security researchers said this week.

Alex Eckelberry, president of Sunbelt Software, a security software provider, said the SWF files embed a barely visible box that pushes the installment of a trojan.

“Previously what they have done was have a direct link to the trojan,” Eckelberry told SCMagazineUS.com on Thursday. “But because those URLs are now blacklisted so rapidly, the spammers needed a way to bypass the filters. They use these little SWF files.”

Like other spammer ploys, the purpose of the SWF redirect is to trick users into installing malicious software.

“In many instances the malicious software that is installed will be fake anti-spyware or fake anti-virus software that has infected the user, tells them they are infected, and suggests they pay for the full version of the product to clean their computer,” Randy Abrams, director of technical education at ESET, a threat protection provider, told SCMagazineUS.com.

Adam O'Donnell, director of emerging technologies at Cloudmark, a message security company, said Shockwave works because filters are not used to it.

“There are just not as many analysis tools as there are for Javascript or HTML, for example,” he said. “I will be interested in what comes next after Shockwave.”

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?