
Thread: First Shockwave virus (amazing shite)

  1. #1
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164

    First Shockwave virus (amazing shite)

    If this just doesn't take the cake. Sophos, antivirus company based out of the UK, was the first to detect this new strain of "viruses".

    The following is quoted from www.xatrix.org :

    End users who browse an affected website may become infected if they download and open the Flash file on their computer.

    Computer users visiting snazzy sites would get more than they bargained for if they downloaded this virus. The Shockwave virus is not yet in the wild, but it is clear proof that virus writers continue to search for new ways to infect computer users. The best defence is to keep your security software up-to-date and practise safe computing.

    Sophos recommends webmasters put in place procedures and policies to ensure the integrity of the code they place on their websites, whether it be obviously executable (in the case of, for instance, EXE and COM files) or Shockwave Flash movies.

    Sophos has issued a detailed analysis and protection against the SWF/LFM-926 virus.
    Normally I don't write up on things like this since Matty_Cross does a much better job of it than I could ever do, however, this is something interesting as it's in the browser and could be machine dependent (as $ENV{} variables are passed along). Glad I don't care too much for shockwave or flash...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  2. #2
    Yes this is crazy - there seems to be no limit on what virus creators will use to distribute their viruses. Security Focus also has an article up, here is the link:

    http://www.securityfocus.com/news/303

    What will they come up with next? I'm afraid to ask
    - Maverick

  3. #3
    That just made my day. Another reason why flash sucks. Well I guess it's good to know about it then download it later, lol.

  4. #4
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Yeah...I've never been a staunch advocate of the use of "bells-and-whistles" programs to make a website spiffy. Loadtimes increase with every picture, graph, flash, shockwave, etc that has to be used in order to just make the front-end look "good". CGI is different in the aspect that while the page is loading, it's running, and when you get the data, it's current to whatever the specs of the script is.

    I recommend the following for cgi scripts being used in pages, especially high-traffic ones:

    1: create a "Page is loading and data is being gathered" page that's displayed while a boolean cgi-variable is set to FALSE.

    2: when the data is gathered, and the cgi variable that's FALSE is set to TRUE, have it dump the data to the web page that's created on the fly (static page with dynamic content), load the page.

    Fairly fast and works for me, as long as you don't try to dump half the planet to disk and expect it to write amazingly fast (unless your *nix server is really high-end hehe).

  5. #5
    Senior Member
    Join Date
    Dec 2001
    Posts
    590
    It's amazing what these people are able to do, just about anything can be infected with a virus and I'm guessing that it's only gonna get worse.

    I read the other day that someone managed to shut down some types of Nokia phones by sending an SMS, which prevented them from being turned on unless a new SIM card was inserted.

    Greg
    "Do you know what people are most afraid of?
    What they don't understand.
    When we don't understand, we turn to our assumptions."
    -- William Forrester

  6. #6
    AntiOnline Senior Member
    Join Date
    Oct 2001
    Posts
    514
    All these vulnerabilities are nuts! People say in the future that they want everything connected to everything (i.e. the radio to the internet) but look how things are now. LoL. You would have to spend your day downloading DAT files for your TV, hehe...
    uraloony, Founder of Loony Services
    Visit us at
    http://www.loonyservices.com/

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    Originally posted by uraloony
    All these vulnerabilities are nuts! People say in the future that they want everything connected to everything (i.e. the radio to the internet) but look how things are now. LoL. You would have to spend your day downloading DAT files for your TV, hehe...
    That would be scary. Imagine if you're on a heart machine that was controlled from the hospital (via internet), if a virus or cracker took it over then you would be screwed. Or if your house was all connected and computers, then someone can annoy you by playing with water temps, lights, and everything else.

    Bill Gates is trying to make a house like that. Go here for the story.
    "A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work."

  8. #8
    It seems this virus is more a nuisance than a real security threat. As VIRUSLIST reports, it needs quite a few variables in its favour to work:

    Reported by VirusList
    A detailed analysis of LFM has shown that the current virus is more proof-of-concept than presenting a real threat to Internet users. In order to spread, this malicious program requires several important conditions, whose simultaneous execution is highly unlikely. First of all, LFM requires that a computer has been installed with a full program version that executes Macromedia Shockwave files - special plug-in versions installed on Internet Explorer and Netscape Navigator by default are not enough for the virus to operate. Secondly, a user has to manually download the infected SMF file to his computer and start it up. Thirdly, LFM is only capable of infecting SMF files located in the same directory as the file-carrying virus.

    As you can see it would be highly unlikely for this virus to "take hold" but all the same, it's out there!

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    Yeah...sounds pretty tough eh? But the main impact of risk, or so I've heard, is that a buffer overflow can be used to execute arbitrary code stored in the SWF file. "Bad" arbitrary code causes the plugin to crash the browser. "Good" arbitrary code can execute a program on the browser's computer. This can be used to propagate a virus, worm, or do other harmful tasks.

    [P.S. - I got this (almost exact copy) in an email]
    ...This Space For Rent.

    -[WebCarnage]

  10. #10

    It's fixed

    I've read about the vulnerability also but I've also read that it's a low threat and there's already a patch available from Macromedia.

    The virus, dubbed SWF/LFM.926, is low risk because it must be downloaded manually and cannot spread itself to other computers over e-mail or through Web browsers like many other viruses can, experts said.
    Macromedia will release information on the virus and patch at http://www.macromedia.com/support/flash/.

    More info available here.


    Remote_Access_
