Results 1 to 6 of 6

Thread: Flash Viruses

  1. #1

    Question Flash Viruses

    Reading about the "Osama suicide" virus:

    In response to this, Russian virus-makers created a trojan virus hidden in a flash movie named "BushF*Cowboy.exe". When the user runs this file it only installs the main trojan: Trojan.PSW.LdPinch, Ukrainian Antivirus Center (UAC) reports.
    It looks like these flash viruses are growing in popularity. But how do they infect? Does simply browsing to a page with a flash file and allowing it to play result in the installation? If so, how? What's actually downloaded when you watch a flash file? Isn't a flash video displayed on a website a server-side execution? Or does the virus slip in while the video's loading client-side?

    Just curious.

  2. #2
    Hoopy Frood
    Join Date
    Jun 2004
    "Ninety-nine-point-nine percent of the time, people play Flash movies from the Web in their browser," said Pete Santangeli, vice president of engineering for Flash at the San Francisco company. "That's completely safe."

    It's only when a Flash file or movie is played on a PC through a standalone player included with Macromedia's authoring tools for Web designers that this type of virus can actually infect a PC.
    Taken from News.com's article on a Flash Virus called "SWF/LFM-926".

    Sophos blurb on virus
    Sophos detailed analysis of virus

    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  3. #3
    Junior Member
    Join Date
    Aug 2004
    Well, the flash virus i had a problem with, was called /\/3T/\P3\/\/0|2/\/\ And it starts when the video loads, then through javascript it found an exploit in the IE debugger, so it loads a server into the victim.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    In the Osama case the .exe is a bit of a dead give-away isn't it? Looks like a trojan to me that hides behind a flash animation. Since it's an exe "they" can do whatever they want after you run it.

    A flashvideo isn't played server side. You download a small package (swf file) that includes instructions on what and how to play it. Your flashplayer knows how to handle it.

    As far as flashmovies (swf) files containing viruses goes I think it's possible but I never looked into it. You can use a scripting language in Flash so there should be some possibilities. Unless they've properly sandboxed it.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Gotcha. All makes sense now.

  6. #6
    For clarification, the scripting language for Flash is known as ActionScript.
    --> MyWebsite <--

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts