Even Flash Can Get Viruses

Mechel Conrad writes: "Heise Online(German) writes about a Virus called SWF/LFM-926. It consists of a Macromedia Flash movie and seems to be the first of its kind. It uses Flash's scripting language in order to open a debug terminal creating and executing a file called V.COM, which infests other .SWF Files. Although the virus is not very dangerous and not widespread yet, it suggests clear security holes in Flash." The translation of the Heise article is quite readable, too. Update: 01/08 22:47 GMT by T : bdavenport adds: "this report on Yahoo lists a new Shockwave virus as low grade due to the need of manual downloading. infoworld is reporting that McAfee has upgraded to high risk after several Fortune 500 firms have reported it in the wild, arriving as an email attachment."

Old news

Here is a better article on the same virus. A must read, contains much more info than the linked article.

Someone send me the source!

[ImaLamer]

I would love to own a bunch of Windows NT boxes.

I know I've got that All Your Base swf sitting around.

Unlock it, put in the virus - and viola!

ALL YOUR WINDOWS BOX ARE BELONG TO US!!!

But seriously... XP is built on NT/2000... is this going to be another code red style worm?

Macromedia software is a security risk, IMO.

[Futurepower(tm)]

I've seen major problems with security in Macromedia Flash. Apparently someone was using a security bug in Macromedia software to run arbitrary programs.

Macromedia software wants to check the Macromedia web site for later versions. The communication software appeared to be the gateway for the attack. I reported this problem to Macromedia, but the company showed no interest.

A second problem with using Flash is that you give the URL of each of your customers to Macromedia. A third is that you have to post an advertisement for Macromedia that says "Download Flash if you don't have it". A fourth is that, if the user does not want to run Macromedia software, web sites using it are broken.