Comprehensive Analysis and Detection of Flash-based Malware

Christian Wressnegger, Fabian Yamaguchi, Daniel Arp, and Konrad Rieck from the Institute of System Security, TU Braunschweig, Germany.

Adobe Flash is a popular platform for providing dynamic and multimedia content on web pages. Despite being declared dead for years, Flash is still deployed on millions of devices. Unfortunately, the Adobe Flash Player increasingly suffers from vulnerabilities, and attacks using Flash-based malware regularly put users at risk of being remotely attacked—most prominently highlighted by numerous exploits made public during the past months. As a remedy, we present Gordon, a method for the comprehensive analysis and detection of Flash-based malware. The dataset for evaluation was assembled using the VirusTotal API.