FLASH: Is the 20th Century Hero Really
Gone? 1Institute
of IT Security Research 2JRZ
TARGET St.
Pölten University of Applied Sciences, Austria {damjan.buhov, julian.rauchberger, sebastian.schrittwieser}@fhstp.ac.at Abstract Although the Adobe Flash browser plugin steadily lost popularity throughout the last few years, Flash content still regularly appears when browsing the web. Known for its infamous security track record, Flash remains a challenge in making web browsing more secure. In this paper, we present a large-scale measurement of the current uses of Flash, based on a crawl of the top 1 million websites. The different types of measurements result in most detailed classification of Flash uses to date. In particular, special attention is payed to Flash usage related to user tracking, as well as to malicious Flash files used by malvertising or exploit kits. We present Garrick, a novel crawling framework, which is based on a full-fledged Mozilla Firefox browser. Garrick is able to mimic any browser, plugin and operating system configuration so that fingerprinting scripts can be tricked to deliver malicious Flash files. Our measurements show that Flash is still used by approximately 7.5% of the top 1 million websites, with 62% of the Flash content coming from third-parties such as ad networks. In general, on popular websites Flash usage is higher compared to less prominent websites and a bigger share of Flash content on these sites comes from third-parties. From a security perspective, malicious Flash files served by highly targeted malvertising campaigns are an ongoing challenge. Keywords: Adobe Flash, Malvertising,
Exploit-Kits, User Tracking +: Corresponding author: Sebastian Schrittwieser 15,
3100 St. Pölten, Tel: +43/676/847 228 648 Vol. 9, No. 4,
pp. 26-40, December 2018 [pdf] |