[website-critique] Fw: * cybercrime-alerts * New virus first to infect Shockwave Flash

  • From: "DesignWorks" <tchapman@xxxxxxxxxxxxx>
  • To: <Takeatip-leaveatip@xxxxxxxxxxxxxxx>,<websitecritique@xxxxxxxxxxxxx>
  • Date: Tue, 8 Jan 2002 17:58:18 -0600

----- Original Message -----
From: "cybercrime-alerts" <majordomo@xxxxxxxxxxx>
To: <cybercrime-alerts@xxxxxxxxxx>
Sent: Tuesday, January 08, 2002 5:21 PM
Subject: * cybercrime-alerts * New virus first to infect Shockwave Flash

* via http://theMezz.com/lists

* subscribe at http://techPolice.com

New virus first to infect Shockwave Flash
By Robert Lemos
Staff Writer, CNET News.com
January 8, 2002, 3:05 p.m. PT
Antivirus companies warned PC users Tuesday that future Shockwave Flash
movies could carry malicious viruses and worms.

The caution came after an unknown virus writer sent just such an infectious
program to U.K. antivirus company Sophos. Dubbed SWF/LFM-926, the new
program does little but infect Flash files on a PC when the movie is played.

"It's really a proof of concept, as opposed to something that you should lie
awake at night worrying about," said Graham Cluley, senior technology
consultant for the Abingdon, U.K., company. "But whenever a new
vulnerability like this is found, other copycats tend to create more
malicious variants."

The SWF/LFM-926 should mainly be a concern to Web site designers who use
Flash animations to add pizzazz to their sites, Cluley said. Shockwave
Flash, created by digital media company Macromedia, is typically used on
sites to add interactive user interfaces and multimedia presentations.

Macromedia went even farther, calling the vulnerability through which the
virus spread "not that serious."

"Ninety-nine-point-nine percent of the time, people play Flash movies from
the Web in their browser," said Pete Santangeli, vice president of
engineering for Flash at the San Francisco company. "That's completely

It's only when a Flash file or movie is played on a PC through a standalone
player included with Macromedia's authoring tools for Web designers that
this type of virus can actually infect a PC.

When the infected Flash movie is played, the virus displays the message
"Loading.Flash.Movie..." and drops a 926-byte DOS file onto the PC. This
file--named V.COM--is run by the virus and infects all other Shockwave Flash
files in the current directory. The SWF/LFM-926 virus' name is derived from
the abbreviation for Shockwave, the displayed message and the size of the

The virus will only infect Windows NT, Windows 2000 and Windows XP systems,
but has not yet been seen circulating the Internet. Moreover, since the
virus doesn't have a way to spread quickly, it's unlikely to infect a large
number of PCs in its current form, said Craig Schmugar, virus research
engineer for security-software maker Network Associates.

"It won't be a very affective spreading method if they only use Shockwave
Flash," he said, citing NAI tests that confirmed the virus will not spread
when the Shockwave Flash is played in a Web browser.

"It is a double-edged sword," he said. "They have given their authoring
community an ability to create increased functionality. For the most part,
Macromedia has been strict about security; it would have been difficult for
them to see this coming."

The virus is not the first to try to fool those PC users with a weakness for
Shockwave Flash movies. In December 1999, the ProLin worm spread through
e-mail by posing as a Shockwave movie, but in reality it was a simple
Windows program file.

SWF/LFM-926 is a pure virus, meaning the program infects files and can only
spread when the compromised file is moved to another system.

Macromedia will release a workaround to disable the file association between
Shockwave Flash files and the local Flash player within a couple of days,
Macromedia's Santangeli said. In addition, the company plans to close the
hole in the player by the next version.

For the time being, e-mail users will have to add the SWF file format to
their list of attachments of which to be wary.

"Just as we have seen a first Adobe Acrobat file infector and the first
AutoCAD file infector, this is just a new way to get into the PC," NAI's
Schmugar said. "It does show that the virus writers are always looking for
new battleground."

FORECLOSED HOMES: Try A Free Search. Zero Down Homes!
3-4-5 bedroom homes directly from local banks & homeowners.
250,000 homes from $25,000. For A List Click Here!

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: cybercrime-alerts-subscribe@xxxxxxxxxx
--via http://theMezz.com

This email was sent to: tchapman@xxxxxxxxxxxx

EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2BK22
Or send an email to: cybercrime-alerts-unsubscribe@xxxxxxxxxx

T O P I C A -- Register now to manage your mail!

Please Forward This Email to a Friend 

List Info: http://www.freelists.org/cgi-bin/webpage?webpage_id=websitecritique 

Other related posts:

  • » [website-critique] Fw: * cybercrime-alerts * New virus first to infect Shockwave Flash