Even Flash Can Get Viruses

Mechel Conrad writes: "Heise Online(German) writes about a Virus called SWF/LFM-926. It consists of a Macromedia Flash movie and seems to be the first of its kind. It uses Flash's scripting language in order to open a debug terminal creating and executing a file called V.COM, which infests other .SWF Files. Although the virus is not very dangerous and not widespread yet, it suggests clear security holes in Flash." The translation of the Heise article is quite readable, too. Update: 01/08 22:47 GMT by T : bdavenport adds: "this report on Yahoo lists a new Shockwave virus as low grade due to the need of manual downloading. infoworld is reporting that McAfee has upgraded to high risk after several Fortune 500 firms have reported it in the wild, arriving as an email attachment."

Re:McAfee

[Cacophony]

Just as long as it don't break Superfly flash movies!

Re:Why Infect Flash?

[bdavenport]

The worm does not destroy files on a user's computer, but renames all files of the .jpeg and .zip type and moves them to the PC's root directory, said Patrick Nolan, a virus researcher with McAfee's Anti-Virus Emergency Response Team (AVERT).

Although the worm does not delete files, it can clog e-mail networks and take e-mail servers offline. Cleaning up files that have been relocated and renamed could also waste considerable man hours, Nolan said.

like most viri written by 1337 script kiddies, the real aim appears to create confusion and waste people's time/money. the "I Love You" virus didn't have a real payload, but boy did it do a job on the mail servers of many corporation. several friends' companies lost several days of work b/c their employees like to click EXEs. this will be the same. plenty of people send funnies with SWF files - with the virus infecting via that cute pink icon, expect plenty of people to click away.

Re:Yow.... really....

[MadCow42]

{rant}
Any you truly believe that plain, boring, run-of-the-mill HTML is what has brought grandma, grandpa, your niece, and Ubu the dog onto the internet?

High-level scripting languages like Flash, Java, JavaScript, etc., have brought the Internet into a "slicker" dimension... one that appeals to the masses rather than just technodweebs.

Ok, so you say: "Why do I care if they've made the Internet popular with the masses? Fsck 'em, the Internet is made for technodweebies like me anyways!"

Why do you think you can get broadband for $40/mo instead of having to get a T1 at $800/mo? Why do you think you can get $400 off your next computer when you sign up for online access? Why do you think computer prices are falling rapidly and performance is growing just as quick? None of that would be happening if computers, driven by the desire for the Internet, weren't booming.

{/rant}

MadCow

Re:Why Infect Flash?

[Rentar]

I'm on a Karma-Trip, so I'll burn some of it by asking a offtopic meta-question:

I myself wouldn't really call the parent-posting "Insightful", rather quite the opposite (it even mentioned the lack of insight), but I think it is a "+1, Good Question", don't we need more different Reasons? Especially now that we can grade the Reasons (maybe I'm into questions and I hate all those "+1, Insightful" and "+1, Interesting" posts, giving them -6, but I really dig those with "+1, Good Question" and "-1, Redundant" (Redundancy never harmed anyone was harldy harmed by Redundancy).

And what about "-1, Karma whore", hell even "+1, Karma Whore", or more neutral "+0, Karma whore"?

Man, I'm happy that I don't have to moderate this comment, I wouldn't know what to do ... maybe "+1, Offtopic"?

This is a really great example...

[KC7GR]

...of something I've believed since I started using the Internet in the mid-80's.

Specifically: Why the frell do we even NEED Flash or its brethren in any case? It seems to exist solely to make pretty pictures, and spew forth alleged "music" or other SFX, and waste a lot of bandwidth in the process.

Remember: If you cannot manage your native language well enough to get a CLEAR message across to your site's visitors in plain ASCII text, then NO amount of flashing fonts, pretty colors, bandwidth-hungry animations, or silly sound effects is going to help you in the least.

Don't even get me started about how precious few web sites are even usable by those who are vision-impaired, and need to use a text-to-speech converter on their computer. How many sites are in blatant violation of ADA accessibility guidelines even as I write this?

Web designers, take note: Sites today have entirely too much fluff, and far too little in terms of USEFUL and EASILY READABLE content. Remember that "simple" is NOT a bad thing. This latest virus serves only to emphasize that point.

Re:Why Infect Flash?

[aardvarkjoe]

Yeah! And while we're at it, how about:

-1, Stupid (aka -1, Disagrees with Me) (At least this way moderators could be honest about their moderations)

+1, The Only Intelligent Post in the Entire Discussion

-1, Sarcasm that Everyone Missed

-1, Cut-And-Paste

+0, Goatse.cx (That way we can adjust them up/down as we would like)

-5, He Insulted The Slashdot Staff And I'll Help Prevent Him from Being Bitchslapped

Actually, given the new system, it might make more sense to not bother with the +/- on moderations at all any more. Just let moderators mark it however they want, and then let people choose whatever values they want to assign to it. For instance, I'd like to make overrated, redundant, and possibly offtopic not count for anything, as they're primarily used to silence opposition while trying to underfly the metamod radar.