[NEWS] New Virus Infects Macromedia Flash Files

From: support@securiteam.com
Date: 01/10/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Thu, 10 Jan 2002 10:09:28 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  New Virus Infects Macromedia Flash Files
------------------------------------------------------------------------

SUMMARY

A proof of concept virus that has the potential to infect Flash files
commonly used on Web sites has been discovered.

DETAILS

The SWF/LFM-926 virus, which could infect surfers if they download and
then open a Flash file on their PC, is the first of its kind. Simply
viewing a Web site or Flash movie fails to cause infection, but this is a
simple proof of concept of the ability of virus writers to develop a
flash-based Virus. The SWF/LFM-926 Virus only infects other Macromedia
Flash files but this shows the ability of building a Virus that can
spread, and future versions may carry damaging payloads.

Vendor response:
Macromedia has issued a statement clarifying that the issue affects only
Macromedia Flash and not Shockwave content, which is produced using
Director Shockwave studio, a different product.

A patch for Macromedia Flash will be available latter this week, the firm
promised. More information can be found
<http://www.macromedia.com/support/flash/> here.

Antivirus vendors, and out initial report, referred to Shockwave Flash but
this is inaccurate: .SWF used to stand for Shockwave Flash file format,
but now it's just Flash.

ADDITIONAL INFORMATION

An analysis of the virus by Sophos can be found here:
 <http://www.sophos.com/virusinfo/analyses/swflfm926.html>
http://www.sophos.com/virusinfo/analyses/swflfm926.html

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages