Even Flash Can Get Viruses

Mechel Conrad writes: "Heise Online(German) writes about a Virus called SWF/LFM-926. It consists of a Macromedia Flash movie and seems to be the first of its kind. It uses Flash's scripting language in order to open a debug terminal creating and executing a file called V.COM, which infests other .SWF Files. Although the virus is not very dangerous and not widespread yet, it suggests clear security holes in Flash." The translation of the Heise article is quite readable, too. Update: 01/08 22:47 GMT by T : bdavenport adds: "this report on Yahoo lists a new Shockwave virus as low grade due to the need of manual downloading. infoworld is reporting that McAfee has upgraded to high risk after several Fortune 500 firms have reported it in the wild, arriving as an email attachment."

Re:Why Infect Flash?

[bdavenport]

The worm does not destroy files on a user's computer, but renames all files of the .jpeg and .zip type and moves them to the PC's root directory, said Patrick Nolan, a virus researcher with McAfee's Anti-Virus Emergency Response Team (AVERT).

Although the worm does not delete files, it can clog e-mail networks and take e-mail servers offline. Cleaning up files that have been relocated and renamed could also waste considerable man hours, Nolan said.

like most viri written by 1337 script kiddies, the real aim appears to create confusion and waste people's time/money. the "I Love You" virus didn't have a real payload, but boy did it do a job on the mail servers of many corporation. several friends' companies lost several days of work b/c their employees like to click EXEs. this will be the same. plenty of people send funnies with SWF files - with the virus infecting via that cute pink icon, expect plenty of people to click away.

Re:Yow.... really....

[MadCow42]

{rant}
Any you truly believe that plain, boring, run-of-the-mill HTML is what has brought grandma, grandpa, your niece, and Ubu the dog onto the internet?

High-level scripting languages like Flash, Java, JavaScript, etc., have brought the Internet into a "slicker" dimension... one that appeals to the masses rather than just technodweebs.

Ok, so you say: "Why do I care if they've made the Internet popular with the masses? Fsck 'em, the Internet is made for technodweebies like me anyways!"

Why do you think you can get broadband for $40/mo instead of having to get a T1 at $800/mo? Why do you think you can get $400 off your next computer when you sign up for online access? Why do you think computer prices are falling rapidly and performance is growing just as quick? None of that would be happening if computers, driven by the desire for the Internet, weren't booming.

{/rant}

MadCow

This is a really great example...

[KC7GR]

...of something I've believed since I started using the Internet in the mid-80's.

Specifically: Why the frell do we even NEED Flash or its brethren in any case? It seems to exist solely to make pretty pictures, and spew forth alleged "music" or other SFX, and waste a lot of bandwidth in the process.

Remember: If you cannot manage your native language well enough to get a CLEAR message across to your site's visitors in plain ASCII text, then NO amount of flashing fonts, pretty colors, bandwidth-hungry animations, or silly sound effects is going to help you in the least.

Don't even get me started about how precious few web sites are even usable by those who are vision-impaired, and need to use a text-to-speech converter on their computer. How many sites are in blatant violation of ADA accessibility guidelines even as I write this?

Web designers, take note: Sites today have entirely too much fluff, and far too little in terms of USEFUL and EASILY READABLE content. Remember that "simple" is NOT a bad thing. This latest virus serves only to emphasize that point.