Threat of the month: Flash

What is it?
Adobe Flash is a portable dynamic media language. It can be used on a website to drive short movies, audio or even games. It consists of a player, usually run as a browser plug-in, and a media file that usually has the file extension .swf. The Flash player has had a number of major software vulnerabilities that have been used to distribute malware.

How does it work?
Adobe Flash player interprets a byte-compiled media file, which contains frames, controls and images, providing highly dynamic and interactive websites. Flash objects are loaded by the browser and interpreted using the Flash plugin. A malicious website may provide a Flash object that takes advantage of one of several vulnerabilities. Exploit kits can deliver a malicious Flash object specific to the detected version of Flash.

Should I be worried?
Yes. Flash is a popular browser plug-in and malicious Flash objects are used in drive-by download sites, a combination that puts desktop clients at risk.

How can I prevent it?
Disable Flash site-wide to prevent its abuse. Manage Flash and all other software installations as carefully as you would any commonly exploited software component and make sure that clients are updated frequently.
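
A site-wide block or audit cannot rely on the .swf extension alone, since the file only usually carries it. The following added example (not part of the original column) identifies Flash objects by their file header instead; the function names, the 64 MiB inflate cap and the sample files are assumptions constructed for illustration.

```python
import struct
import zlib

# SWF signatures: "FWS" is uncompressed, "CWS" zlib, "ZWS" LZMA.
SIGNATURES = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}
MAX_BODY = 64 * 1024 * 1024  # assumed cap on bytes we will inflate


def parse_swf_header(data: bytes):
    """Return SWF header fields, or None if data is not a Flash object."""
    sig = data[:3]
    if len(data) < 8 or sig not in SIGNATURES:
        return None
    # Byte 3 is the SWF format version; bytes 4-7 hold the little-endian
    # length of the whole file after decompression.
    version, declared = struct.unpack_from("<BI", data, 3)
    if declared < 8:
        return None  # shorter than its own header
    info = {"compression": SIGNATURES[sig], "version": version,
            "declared_length": declared, "length_ok": None}
    if sig == b"FWS":
        info["length_ok"] = declared == len(data)
    elif sig == b"CWS" and declared <= MAX_BODY:
        inflater = zlib.decompressobj()
        try:
            # max_length bounds output so a crafted file cannot exhaust memory
            body = inflater.decompress(data[8:], declared)
            info["length_ok"] = inflater.eof and len(body) == declared - 8
        except zlib.error:
            info["length_ok"] = False
    return info


def make_sample(sig: bytes, version: int, body: bytes) -> bytes:
    """Build a constructed test object (header plus dummy body)."""
    header = sig + struct.pack("<BI", version, 8 + len(body))
    return header + (zlib.compress(body) if sig == b"CWS" else body)


if __name__ == "__main__":
    # Constructed samples: note the Flash object hiding behind a .jpg name.
    for name, blob in [("movie.swf", make_sample(b"FWS", 10, bytes(13))),
                       ("banner.jpg", make_sample(b"CWS", 10, bytes(13))),
                       ("logo.png", b"\x89PNG\r\n\x1a\n" + bytes(8))]:
        print(name, parse_swf_header(blob))
```

The version field is the SWF file format version, not the installed player version, and a length_ok of False or None marks a file whose declared length could not be confirmed.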

Jose Nazario, Arbor Networks
