An RIA Security Solution - Flash and PDF Threat Handler, presented at SyScan 2010

by Elson Lai

Tags: Security Web Analysis

Summary: Rich Internet Application, known as RIA, is a new concept of modern Web 2.0. Moving logic from the server to an untrusted client may open up security holes that were never present in the page-oriented "Web 1.0" architecture. (Adobe®) Flash and PDF are 2 of the most important RIA formats and are the most widely used by internet users. During the past 2 years hackers have paid more attention to RIA exploits, especially to Adobe's vulnerabilities over the internet; Adobe software was believed to be the 2nd Microsoft.

In this presentation, we will start with the threat trend of SWF and PDF applications and the various kinds of attacks that rely on vulnerabilities and spread across the internet through web browsers. This is followed by showing how AV handles them and how hackers manage to bypass it. We'll then demonstrate technical details on the format changes and advancement of malicious SWF and PDF files aimed at bypassing antivirus software. To fight against these Web 2.0 based attacks, we will present a research project on a parser-based analysis tool for malicious content. In the end, we will present a framework for a real-time RIA scanner between the gateway and the user's browser.

This presentation has never been published to the public before.