Slashdot Mirror

← Back to Stories (view on slashdot.org)

Even Flash Can Get Viruses

Posted by timothy on from the blesshyoo dept.

Mechel Conrad writes: "Heise Online(German) writes about a Virus called SWF/LFM-926. It consists of a Macromedia Flash movie and seems to be the first of its kind. It uses Flash's scripting language in order to open a debug terminal creating and executing a file called V.COM, which infests other .SWF Files. Although the virus is not very dangerous and not widespread yet, it suggests clear security holes in Flash." The translation of the Heise article is quite readable, too. Update: 01/08 22:47 GMT by T : bdavenport adds: "this report on Yahoo lists a new Shockwave virus as low grade due to the need of manual downloading. infoworld is reporting that McAfee has upgraded to high risk after several Fortune 500 firms have reported it in the wild, arriving as an email attachment."

2 of 277 comments (clear)

  1. Re:McAfee by BigBir3d · · Score: 1, Redundant

    today NT, tomorrow WinME or Win2k, and next week WinXP.

    this one was probably just a test, although i am guessing they did not want to on the radar until they had a bigger badder version that affected all OS's.

    my $.02

  2. Macromedia statement by psantangeli · · Score: 0, Redundant

    Macromedia was recently informed of a potential issue with the standalone Macromedia Flash Player running on Microsoft Windows. This issue does not affect web content viewed in a browser. After testing by both Macromedia and Sophos Anti-virus, the company who initially reported this potential issue, Macromedia has found that this issue can only affect content that is sent via email or downloaded from a site and then run outside a browser. In either case, the content must be run in a Macromedia stand-alone Flash Player or associated Projector executable to represent a risk. This player is not installed by any browser installation, and is only installed with the Macromedia Flash authoring product. E-mail users should never open or download attachments or data unless they can be sure it is from a trusted source. Macromedia appreciates the work of Sophos in reporting this potential issue, and will be issuing a patch later this week; a fix will also be included in future versions of the product. For more information on the patch please visit: http://www.macromedia.com/support/flash/. Macromedia will continue to take potential security issues very seriously. Security issues concering the Macromedia Flash player may be mailed to flashplayer_security@macromedia.com. Pete Santangeli Vice President of Engineering, Macromedia Inc.