Even Flash Can Get Viruses 277
Mechel Conrad writes: "Heise Online(German) writes about a Virus called SWF/LFM-926.
It consists of a Macromedia Flash movie and seems to be the first of its kind.
It uses Flash's scripting language in order to open a debug terminal creating and executing a file called V.COM, which infests other .SWF Files.
Although the virus is not very dangerous and not widespread yet, it suggests clear security holes in Flash." The translation of the Heise article is quite readable, too. Update: 01/08 22:47 GMT by T : bdavenport adds: "this report on Yahoo lists a new Shockwave virus as low grade due to the need of manual downloading. infoworld is reporting that McAfee has upgraded to high risk after several Fortune 500 firms have reported it in the wild, arriving as an email attachment."
Let's Just Pray That We Can't Get Foot & Mouth (Score:2, Funny)
Build it, and they will... (Score:5, Funny)
Cheers,
Ethelred
Finally! (Score:3, Funny)
Re:Cross Platform? (Score:1, Funny)
That vulnerability is purely theoretical... (Score:5, Funny)
Apologies, it's hard to find the original links since l0pht got up in the morning, put on a suit, and became @stake [atstake.com]
Hello. Wake up. Theoretical vulnerabilites become real, nasty, exploited vulnerabilites very fast. I assume you read comp.risks?
Looks like it isn't very likely to succeed
LOOKS LIKE? It's a done deal. Somebody has exploited a widely-distribited scripting engine. The people who did it as a "proof-of-concept" have proven that the interpreter for this language is wide-open and gagging for a jolly good rogering. I wonder how many unchecked buffers there are in that code. I wonder how it handles multi-byte characters. I desperately hope it wasn't written in C.
I sit here as a smug old Unix hacker, secure in the knowledge that lisp and Smalltalk programs are unlikely to be attacked in the same way that C programs are.
I'm also sure I'm wrong.