Proof Of Concept Virus Infects Shockwave Flash Files

Printer-friendly version Email this CRN article

A new computer virus is the first to infect Macromedia Shockwave Flash files, security experts said Tuesday.

SWF/LFM.926 appears to be a "proof of concept" virus and poses a low risk, security firms said. There was only one report of the virus, which is not destructive.

"People have gotten pretty used to VBS script viruses, the executable e-mail files that come through," said Jerry Freese, director of intelligence at Vigilinx, a security services firm based in Parsippany, N.J. "But this is something different."

To be infected, a user has to manually download and execute an infected Shockwave Flash file, he said. The virus infects all the Shockwave Flash files on the user's system but doesn't do any damage.

McAfee, a division of Network Associates, rated the virus as a low risk and had a software update available to detect it.

Virus writers have looked for a way to infect Shockwave Flash files but up to now have been unsuccessful, said Craig Schmugar, virus research engineer at McAfee.

"One of the appeals for the virus authors to infect these files is because they're pretty popular," he said.

Sophos, an antivirus vendor based in Wakefield, Mass., said it discovered the virus and shared the information with other vendors for them to study.

The company said the virus targets Webmasters who use Shockwave to add animation and special effects to their Web sites and users who browse an affected Web site and download and open an infected file.

"The Shockwave virus is not yet in the wild, but it is clear proof that virus writers continue to search for new ways to infect computer users," Graham Cluley, senior technology consultant for Sophos, said in a prepared statement.

While not dangerous, the virus could open the door to similar viruses that do damage, Freese said.

"It's not like this thing will never be used for anything malicious. It certainly could be," he said.

"We would expect to look for other virus writers to follow this lead and try to do something malicious," Schmugar said.

Printer-friendly version Email this CRN article