Slashdot Mirror

← Back to Stories (view on slashdot.org)

Even Flash Can Get Viruses

Posted by timothy on from the blesshyoo dept.

Mechel Conrad writes: "Heise Online(German) writes about a Virus called SWF/LFM-926. It consists of a Macromedia Flash movie and seems to be the first of its kind. It uses Flash's scripting language in order to open a debug terminal creating and executing a file called V.COM, which infests other .SWF Files. Although the virus is not very dangerous and not widespread yet, it suggests clear security holes in Flash." The translation of the Heise article is quite readable, too. Update: 01/08 22:47 GMT by T : bdavenport adds: "this report on Yahoo lists a new Shockwave virus as low grade due to the need of manual downloading. infoworld is reporting that McAfee has upgraded to high risk after several Fortune 500 firms have reported it in the wild, arriving as an email attachment."

4 of 277 comments (clear)

  1. Virus? by The+Great+Wakka · · Score: 0, Flamebait

    Does this virus just spread? Maybe it's time for macromedia to patch Flash, because more dangerous viruses may soon be on the way. And Flash is avalible for Linux too. Does this mean that Linux is equally supseptible (sp?)? I never even heard of or seen Macromedia Flash debugger. I thought Flash was just supposed to be a animation... huh. I guess viruses can seep from anywhere now.

    --
    Everything is mainstream now.
  2. What do you expect? by The+Paradox · · Score: 1, Flamebait
    Flash is an advanced scripting language at its heart. Seriously, people - DUH! Of course you can do virii with it - look at Java. Yes, it's supposed to run in a sandbox. Theory and practice are often light-years apart.

    People can do some cool things with Flash, yes. They can also do many annoying things, and finally they can do some dangerous things, as evidenced by this article.

    Yet another victory for Lynx users. When was the last time you heard of a terminal-based text-only browser bringing down a Unix system? ;)

    --
    Pain(n): when you're telnetting into a box doing somethin cool, and some luser calls for help with a 'critical error' ad
  3. Yow by Burgundy+Advocate · · Score: 1, Flamebait

    This is why people that don't use standard tools(HTML and images) on their pages piss me off. Whenever you start using fancy scriptable stuff there exists the possiblity for a security flaw.

    We've seen it before and we'll see it again.

    For this reason, please do the following:

    DO NOT support sites that use Flash
    DO NOT support sites that use Java
    DO NOT support sites that use ECMAscript
    DO NOT support sites that use Quicktime

    And the same for other plugins! Plain HTML is the only safe alternative.

    --
    Dragging people kicking and screaming into reality since 1996.
  4. Re:Someone send me the source! by ImaLamer · · Score: 1, Flamebait

    Troll? Fuck me man... there goes my karma when I finally get some.

    Wait, it was supposed to be funny. And can this infect XP? Seriously kids... my sister is a huge SWF fan.

    --
    Get your Unix fortune now!