In the past we used, and still do, tools such as Sothink SWF Decompiler and URLActionEditor to analyse flash files and amend them accordingly. But enter OneVision wo’ve been busy in the intervening years and by all accounts have built out a fully-featured pre-flighting tool called Contenio for use by online AdOps departments to check and authorise creatives as they come into the department. I haven’t yet seen the product working but I’m hopeful it will address some of the ore recurrent themes such as checking for clickTag() case sensitivity/spelling, fix _root. issues, check for embedded urls, check for target=”_blank” etc, but hopefully we’ll get to see this in action soon and report back our findings.

For those of you trying to automate out your QA process this could be of vital interest. I look forward to speaking to someone who’s currently or planning on working with this soon.

This on the back of this report:
http://www.theregister.co.uk/2009/12/22/mass_flash_file_vulnerability/ and http://websecurity.com.ua/3789/

My personal take on this is that yes, it could be used as a potential XSS but invariabaly it would have meant that the original 3rd party adserver had been compromised anyway… which is a much more serious issue, eg;

OpenX Ad Server reported to be hacked [2009-12]
Hackers hit OpenX ad server in Adobe attack [2009-12]
eWeek Web Site Leads Users to Rogue Anti-Virus (AV) Application [2009-02]
Details of hijacked 24/7 ad server emerge [2007-10]
Hacked Ad Seen on MySpace Served Spyware to a Million [2006-07]
Bofra exploit hits our ad serving supplier [2004-11]

It’s full list of threat predictions include:
McAfee Labs foresees an increase in threats related to social networking sites, banking security, and botnets, as well as attacks targeting users, businesses, and applications. However, in 2010 we expect to see an increase in the effectiveness of law enforcement to ight back against cybercrime.

• Social networking sites such as Facebook will face more sophisticated threats as the number of users grows.
• The explosion of applications on Facebook and other services will be an ideal vector for cybercriminals, who will take advantage of friends trusting friends to click links they might otherwise treat cautiously.
• HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users.
• Email attachments have delivered malware for years, yet the increasing number of attacks targeted at corporations, journalists, and individual users often fool them into downloading Trojans and other malware.
• Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot.
• Banking Trojans will become more clever, sometimes interrupting a legitimate transaction to make an unauthorized withdrawal.
• Botnets are the leading infrastructure for cybercriminals, used for actions from spamming to identity theft. Recent successes in shutting down botnets will force their controllers to switch to alternate, less vulnerable methods of command, including peer-to-peer setups.

PDF report here: http://mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_predict_1209_v2.pdf

Related Slashdot Article: http://it.slashdot.org/story/09/12/29/1435259/Adobe-Flash-To-Be-Top-Hacker-Target-In-2010?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Slashdot/slashdot+(Slashdot)
Anothe realated article: http://www.itjungle.com/tfh/tfh010410-story09.html