July 28th, 2004, 04:38 PM
Reading about the "Osama suicide" virus:
It looks like these flash viruses are growing in popularity. But how do they infect? Does simply browsing to a page with a flash file and allowing it to play result in the installation? If so, how? What's actually downloaded when you watch a flash file? Isn't a flash video displayed on a website a server-side execution? Or does the virus slip in while the video's loading client-side?
In response to this, Russian virus-makers created a trojan virus hidden in a flash movie named "BushF*Cowboy.exe". When the user runs this file it only installs the main trojan: Trojan.PSW.LdPinch, Ukrainian Antivirus Center (UAC) reports.
July 28th, 2004, 04:56 PM
Taken from News.com's article on a Flash Virus called "SWF/LFM-926".
"Ninety-nine-point-nine percent of the time, people play Flash movies from the Web in their browser," said Pete Santangeli, vice president of engineering for Flash at the San Francisco company. "That's completely safe."
It's only when a Flash file or movie is played on a PC through a standalone player included with Macromedia's authoring tools for Web designers that this type of virus can actually infect a PC.
Sophos blurb on virus
Sophos detailed analysis of virus
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
August 9th, 2004, 10:37 PM
August 10th, 2004, 03:12 PM
In the Osama case the .exe is a bit of a dead give-away isn't it? Looks like a trojan to me that hides behind a flash animation. Since it's an exe "they" can do whatever they want after you run it.
A flashvideo isn't played server side. You download a small package (swf file) that includes instructions on what and how to play it. Your flashplayer knows how to handle it.
As far as flashmovies (swf) files containing viruses goes I think it's possible but I never looked into it. You can use a scripting language in Flash so there should be some possibilities. Unless they've properly sandboxed it.
Experience is something you don't get until just after you need it.
August 10th, 2004, 03:16 PM
Gotcha. All makes sense now.
August 10th, 2004, 05:44 PM
For clarification, the scripting language for Flash is known as ActionScript.