Adobe’s ActionScript and JavaScript Languages Navigate Around Traditional Anti-virus Platforms


M86 Security released its bi-annual security report for the first half of 2010 on Jul 14, 2010, with one piece of good news and one piece of bad news. The good news is that traditional online attacks are becoming less effective; the bad news is that attackers are combining these attacks in unexpected ways to continue punching malicious code through corporate firewalls.




The M86 Security Labs Report (PDF) details the emergence of combined attacks that use Adobe’s ActionScript and JavaScript languages to thwart most of the new, proactive detection mechanisms. M86 said:

“Traditional methods such as spambots and dynamic code obfuscation are still very much in use. However the first half of 2010 has also seen the emergence of new advanced methods as seen in the new combined attacks,”

“Over the last few months, we have observed a new technique of code obfuscation that combines JavaScript and Adobe’s ActionScript scripting language,”

Because ActionScript already has a built-in interface (ExternalInterface) to JavaScript, attackers can easily establish two-way communication between the components.
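For defenders, whether a given SWF can call page JavaScript through ExternalInterface depends on the embed's `allowScriptAccess` parameter. The following is an added example, not code from the M86 report or this post: it audits a page's Flash embeds and reports which ones leave that bridge open. The sample HTML, hostnames and function names are constructed, and Flash's `sameDomain` rule is approximated by comparing URL origins.

```javascript
// Added example: per Flash embed, can the SWF call JavaScript on the hosting page?
// Constructed sample page; hostnames are placeholders.
const SAMPLE_PAGE_URL = 'https://site.example/news.html';
const SAMPLE_HTML = `
<embed src="https://cdn.other.example/banner.swf" allowScriptAccess="always">
<embed src="/media/player.swf">
<embed src="https://cdn.other.example/ad.swf">
<object data="/media/intro.swf"><param name="allowScriptAccess" value="never"></object>
`;

// Read one attribute from a tag's text, case-insensitively (quoted or bare value).
function attr(tag, name) {
  const m = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i').exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// allowScriptAccess: "always" permits SWF-to-page calls from any origin,
// "never" blocks them, and "sameDomain" (the default when absent) permits
// them only when the SWF is served from the same domain as the page.
// Assumption: "same domain" is approximated here by URL origin equality.
function bridgeOpen(policy, swfUrl, pageUrl) {
  const p = (policy || 'samedomain').toLowerCase();
  if (p === 'always') return true;
  if (p === 'never') return false;
  return new URL(swfUrl, pageUrl).origin === new URL(pageUrl).origin;
}

function auditFlashEmbeds(html, pageUrl) {
  const findings = [];
  const re = /<embed\b[^>]*>|<object\b[^>]*>[\s\S]*?<\/object>/gi;
  for (const [block] of html.matchAll(re)) {
    const open = block.match(/^<[^>]*>/)[0];
    const src = attr(open, 'src') || attr(open, 'data');
    if (!src || !/\.swf(\?|#|$)/i.test(src)) continue; // not a Flash movie
    let policy = attr(open, 'allowScriptAccess');
    // For <object>, the setting is carried in a child <param> element.
    const param = block.match(/<param\b[^>]*name\s*=\s*["']?allowScriptAccess["']?[^>]*>/i);
    if (param) policy = attr(param[0], 'value');
    findings.push({ src, policy: policy || '(default)', bridgeOpen: bridgeOpen(policy, src, pageUrl) });
  }
  return findings;
}

console.log(auditFlashEmbeds(SAMPLE_HTML, SAMPLE_PAGE_URL));
```

Embeds reported with `bridgeOpen: true` are the ones where the SWF and the page's JavaScript have to be analyzed together rather than as separate files.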

The most common attack scenario is as follows:

An IFrame or JavaScript is injected into a Web page of a legitimate site that redirects the browser to a malicious Web page that includes an embedded, malicious Java applet.

From the report:

“This threat trend is the latest to emerge as cybercriminals seek new ways to limit the effectiveness of many proactive security controls. Because existing techniques for ‘covering their tracks’ are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect. By splitting the malicious code between Adobe ActionScript language—built into Adobe flash—and JavaScript components on the webpage, they limit the effectiveness of many of the proactive security detection mechanisms in place today.”


(The most popular spam category)

During the first half of 2010, anonymized feedback from M86 filtering installations showed most observed threats were based on the following vulnerabilities:


From the list above, we can see that in Adobe vs. Microsoft, Adobe is the winner.

Other Key findings include:

  • Most exploits were first reported more than a year ago and have been addressed by the software vendors, highlighting the need to keep software updated with the latest versions and patches.
  • Advanced Persistent Threat attacks made headlines after being used against commercial organizations such as Google and Adobe.
  • More Java-based vulnerabilities have been actively exploited, reflecting the exploits’ high “success rate” for attackers.
  • Mass Website infections continue to be a huge problem, as attackers use botnet malware, such as Asprox, to carry out automated mass attacks.
  • Anti-detection techniques proliferated as cybercriminals aim to stay under the radar as long as possible.
  • Email is still a major attack vector, with botnets spamming out both malicious attachments, and blended threat campaigns that drive users to infected Websites.
  • Total spam output remains extremely high, as the major spamming botnet operations continue to operate largely unimpeded. Just five botnets are responsible for 75% of all spam.
  • Spam promoting pharmaceuticals constitutes 80% of all spam, reflecting the attractiveness of major spam affiliate programs such as Canadian Pharmacy.
  • Spammers are using more diverse tactics, including malicious PDF attachments and HTML attachments that load malicious code.
  • The controversy over Facebook privacy underscores the need to review privacy on these networks, as they are areas ripe for abuse.

Adobe has faced a number of challenges in the area of security during the past year, and Microsoft has started working on IE 9. So what should Adobe do next?

About M86 Security


M86 Security is the global expert in real-time threat protection and the industry’s leading Secure Web Gateway provider. The company’s appliance, software, and Software as a Service (SaaS) solutions for Web and email security protect more than 24,000 customers and over 17 million users worldwide.

M86 products use patented real-time code analysis and behavior-based malware detection technologies as well as threat intelligence from M86 Security Labs to protect networks against new and advanced threats, secure confidential information, and ensure regulatory compliance. The company is based in Orange, California with international headquarters in London and development centers in California, Israel, and New Zealand.