Flash Attack Vectors – Cross Site Flashing (XSF)
A few days ago a lot of media wrote about a Flash worm. I managed to get hold of samples and analyzed it (thanks to Peter Kruse of CSIS for the samples).
The worm was first identified on a popular Chinese social web site (for schools, if I’m not wrong), Renren (http://www.renren.com). This site is in many ways similar to Twitter or Facebook, but much more media intensive and it allows users to share various information, including pictures, movies etc.
[Read more HERE]