Analyzing and Detecting Malicious Flash Advertisements

Sean Ford, Marco Cova, Christopher Kruegel, G Vigna

Research output: Chapter in Book/Report/Conference proceedingConference contribution

51 Citations (Scopus)


The amount of dynamic content on the web has been steadily increasing. Scripting languages such as JavaScript and browser extensions such as Adobe's Flash have been instrumental in creating web-based interfaces that are similar to those of traditional applications. Dynamic content has also become popular in advertising, where Flash is used to create rich, interactive ads that are displayed on hundreds of millions of computers per day. Unfortunately, the success of Flash- based advertisements and applications attracted the attention of malware authors, who started to leverage Flash to deliver attacks through advertising networks. This paper presents a novel approach whose goal is to automate the analysis of Flash content to identify malicious behavior. We designed and implemented a tool based on the approach, and we tested it on a large corpus of real-world Flash advertisements. The results show that our tool is able to reliably detect malicious Flash ads with limited false positives. We made our tool available publicly and it is routinely used by thousands of users.
Original languageEnglish
Title of host publicationProceeding ACSAC '09
Subtitle of host publicationProceedings of the 2009 Annual Computer Security Applications Conference
Publication statusPublished - 2009


Dive into the research topics of 'Analyzing and Detecting Malicious Flash Advertisements'. Together they form a unique fingerprint.

Cite this