Researchers at Sucuri have released a new report describing a dangerous iFrame injector hidden in an Adobe Flash file (.SWF), which can potentially be used to inject malware into websites. Ben Martin, Security Researcher at Sucuri, published the report on the Sucuri Blog yesterday. He noted that finding malware in an Adobe Flash file is nothing surprising in itself, but that finding something quite different from the usual pattern is a matter of concern.

They identified several infected websites, and the culprit was code written for an Adobe Flash file.

Adobe Flash files are used to deliver multimedia content such as vector graphics, animations, games and rich Internet apps (RIAs) that can be viewed, played and executed in Adobe Flash Player. Flash is currently supported by all mainstream browsers. Because these Flash "programs" are executed in the browser, they must be written in a programming language, ActionScript: an object-oriented language designed specifically for website animation, originally introduced with Flash 4, enhanced in Flash 5, and a more sophisticated version of the script language used in Flash 3.

Normally, a hidden iFrame is used to deliver a binary exploit through Flash files, which then infects the targeted machines. This time, however, the researchers found that a simple ActionScript was being used to inject malicious files. Ben suspected malicious activity because of the file's size: a Flash file is meant to deliver visuals and multimedia content, which are definitely larger than a single pixel of 1x1 width and height. He then quickly decoded the ActionScript code, which revealed the following:

The script injects an iFrame into the site by calling external JavaScript methods and functions.

The blog notes, "The iFrame uses common malicious practices like negative absolute positioning, random numbers, and targets Windows Internet Explorer (MSIE) users only."

Sucuri also added a side note about tests performed with 54 antivirus products, none of which detected this file.
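The 1x1 stage size that raised suspicion can be checked directly from the SWF header, which is useful for triage when antivirus engines stay silent. The following Python sketch is an added example, not code from the Sucuri report; the function names, the 1-pixel threshold and the sample files it builds are assumptions made for illustration, and it handles only uncompressed (FWS) and zlib-compressed (CWS) files.

```python
import struct
import zlib

TWIPS_PER_PIXEL = 20  # SWF stores stage coordinates in twips

def swf_stage_size(data: bytes):
    """Return (width_px, height_px) from the RECT in a SWF header."""
    if len(data) < 9 or data[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not an FWS/CWS Flash file")
    body = data[8:]  # skip signature, version and 4-byte file length
    if data[:3] == b"CWS":  # zlib body; only the first bytes are needed
        body = zlib.decompressobj().decompress(body, 32)
    if not body:
        raise ValueError("truncated SWF header")
    nbits = body[0] >> 3  # 5-bit width of each RECT field
    total = 5 + 4 * nbits
    need = (total + 7) // 8
    if len(body) < need:
        raise ValueError("truncated SWF header")
    bits = int.from_bytes(body[:need], "big") >> (need * 8 - total)
    vals = []
    for i in range(4):  # Xmin, Xmax, Ymin, Ymax as signed nbits integers
        v = (bits >> ((3 - i) * nbits)) & ((1 << nbits) - 1)
        if nbits and v >> (nbits - 1):
            v -= 1 << nbits
        vals.append(v)
    xmin, xmax, ymin, ymax = vals
    return (xmax - xmin) / TWIPS_PER_PIXEL, (ymax - ymin) / TWIPS_PER_PIXEL

def is_pixel_sized(data: bytes, max_px: float = 1.0) -> bool:
    """Triage heuristic (assumed threshold): stage too small for real content."""
    width, height = swf_stage_size(data)
    return width <= max_px and height <= max_px

def make_sample_swf(w_px: int, h_px: int, compressed: bool = False) -> bytes:
    """Build a constructed, empty SWF (header plus End tag) for testing."""
    xmax, ymax = w_px * TWIPS_PER_PIXEL, h_px * TWIPS_PER_PIXEL
    nbits = max(xmax, ymax).bit_length() + 1  # +1 for the sign bit
    bitstr = f"{nbits:05b}" + "".join(f"{v:0{nbits}b}" for v in (0, xmax, 0, ymax))
    bitstr += "0" * (-len(bitstr) % 8)  # pad RECT to a byte boundary
    rect = int(bitstr, 2).to_bytes(len(bitstr) // 8, "big")
    body = rect + struct.pack("<HHH", 24 << 8, 1, 0)  # 24 fps, 1 frame, End tag
    head = (b"CWS" if compressed else b"FWS") + b"\x09"
    head += struct.pack("<I", 8 + len(body))
    return head + (zlib.compress(body) if compressed else body)

if __name__ == "__main__":
    for name, swf in [("1x1", make_sample_swf(1, 1, True)), ("550x400", make_sample_swf(550, 400))]:
        print(name, swf_stage_size(swf), "suspicious" if is_pixel_sized(swf) else "ok")
```

A pixel-sized stage is only a reason to inspect the file's ActionScript more closely; legitimate helper SWFs can also be tiny.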

The researchers at Sucuri further warn users, "The file leads to a malicious .CGI script which currently forwards to an inaccessible blacklisted domain (this may change). For now, we have blacklisted all suspected malicious domains to protect you.

Stay safe, and keep your eyes open!"