Swifti

By GoldSparrow in Trojans

Threat Scorecard

Ranking: 4,608
Threat Level: 90 % (High)
Infected Computers: 61,215
First Seen: February 12, 2015
Last Seen: September 19, 2023
OS(es) Affected: Windows

Swifti is a Trojan infection that has been linked to a recently uncovered vulnerability in Adobe Flash Player. The main purpose of Swifti is to distribute adware and to expand a botnet that would include the infected computer. Although Swifti is fairly generic, the Flash Player vulnerability associated with Swifti has garnered quite a bit of attention due to its potential for exploitation.

The Flash Vulnerability Linked to Swifti

An exploit kit known as Angler Exploit Kit has been using a zero-day flaw in Flash Player to distribute the Swifti Trojan. Angler is the successor of the infamous Black Hole Exploit Kit, which met its demise in 2014. Malware analysts were alarmed when they uncovered an Angler variant that exploits three flaws in Flash Player, of which only two had been patched by Adobe. This has made computers vulnerable to these attacks when exposed to threatening content.

Why Flash has been Targeted in these Types of Attacks

Flash and other third-party platforms (such as Java) are common targets for attacks and exploit kits. There are several reasons for this. A crucial one is that Flash runs in all popular Web browsers and is also available on different operating systems. This means that threats distributed through Flash vulnerabilities (such as Swifti) may reach a wider swath of victims than threats that exploit a specific Web browser or operating system. The fact that Swifti is being distributed using a zero-day exploit has made these infections particularly alarming. Swifti itself is not especially threatening or harmful. In fact, Swifti has been around in some variant or another since 2009, with its last update occurring in 2015. However, the distribution method and the exploits used to deliver Swifti via exploit kits have caught the attention of PC security researchers and increased the profile of the Swifti Trojan.

Characteristics of Swifti and Security Issues Associated with this Trojan’s Distribution

The exploit that is being used to distribute Swifti may affect only specific operating systems and Web browsers. The exploit associated with Swifti may be used to install this Trojan on computers using Windows XP combined with Internet Explorer 6 or 8, Windows 7 with Internet Explorer 8, Windows 8 with Internet Explorer 10, and the Windows8-RT-KB3008925-x86 update. In the specific variant of Angler that has been analyzed, Windows 8.1 and Google Chrome are not affected by this exploit. However, it is highly likely that Angler may be upgraded in future releases to target a wider variety of operating systems and Web browsers with this vulnerability. A patch for this vulnerability has not yet been released, making computer users vulnerable to Swifti infections.

Other Threats Associated with Swifti

Swifti is not the only threat being distributed using this exploit. Another threat associated with these attacks is known as Bedep. Bedep is a distribution botnet that may then be used to deliver multiple threats to the victim's computer. Bedep is being used to install threats that manipulate advertisement networks to make it seem as if the computer user has clicked or viewed multiple advertisements in order to generate revenue. This type of advertisement fraud is a typical way of generating revenue at the expense of computer users. Malware researchers consider the exploit associated with Swifti and Bedep to be a severe threat. This is not due to the strength or destructive potential of the attack, but rather to the widespread use of Flash and the lack of a patch.
