Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus


Posts Tagged ‘actionscript’
September 9th, 2011

Breaking through flash obfuscation

When analyzing flash malware, you can be sure that sooner or later a sample shows up that tries very hard to hide its purpose from anyone who wants to look under the hood. This is one of the things that make them suspicious and interesting to analyze. Today, I will show you a sample which is like an onion – every time you get rid of one layer of protection, you will find another one.
Read more…

June 28th, 2011

Flash malware that could fit a Twitter message

When analysing malware you are most likely to encounter samples which use all kinds of obfuscation in order to hide from antivirus software that protects your computer. This is also true for malware written in flash (more specifically, ActionScript). Flash is very popular among malware writers these days because many people use it on daily basis. Sometimes, they don’t even know it’s flash that runs all the fancy stuff which takes place on their screen! Recently I came across a sample that uses a very nice trick to hide its purpose from everyone who tries to look under its hood. What is more interesting, this sample is actually smaller than 140 bytes, which means it could fit in a Twitter message!  That is rather unusual for flash files, which tend to be considerably larger. But don’t worry, this is not a case of malware spreading through Twitter in its binary form. Maybe via malicious links, but that is another story.

Read more…