AppSec Europe 2016 has ended
Friday, July 1 • 11:35 - 12:20
Analyzing and Detecting Flash-based Malware

Adobe Flash is a popular platform for providing dynamic and multimedia
content on web pages. Despite being declared dead for years, Flash is
still deployed on millions of devices. Unfortunately, the Adobe Flash
Player increasingly suffers from vulnerabilities, and attacks using
Flash-based malware regularly put users at risk of being remotely
attacked. We present Gordon, a method for the comprehensive analysis and
detection of Flash-based malware. By analyzing Flash animations at
different levels during the interpreter’s loading and execution process,
our method is able to spot attacks against the Flash Player as well as
malicious functionality embedded in ActionScript code. To achieve this
goal, Gordon combines a structural analysis of the container format with
guided execution of the contained code—a novel analysis strategy that
manipulates the control flow to maximize the coverage of indicative code
regions. In doing so, Gordon significantly outperforms related
approaches when applied to samples shortly after their first occurrence
in the wild, demonstrating its ability to provide timely protection for
end users.

Christian Wressnegger

TU Braunschweig
Christian Wressnegger is a full-time researcher at the Institute of System Security of the TU Braunschweig, Germany. Before joining academia to pursue a PhD, he worked in the anti-virus industry and in data analytics for computer security applications using machine learning...

Friday July 1, 2016 11:35 - 12:20 CEST
Room A (Michelangelo Ballroom Sect. 3)