[thelist] Flash virus
Erik Mattheis
gozz at gozz.com
Tue Jan 8 15:12:02 CST 2002
Flash files can indeed launch applications ... easy! But only when
exported as a projector (.exe) or as a swf viewed in the stand-alone
player - only distributed with Flash authoring application.
Here is a thread from Nov 2000 about whether it could be used
maliciously:
http://www.were-here.com/forums/showthread.php?threadid=35238 (I'm
sure you could find older discussion about potential abuses of
exec()). In the thread people claim to have done similar things just
to see if it can be done ... and seems posted code has been deleted
by the mods.
Am I being weird to think this "alert" is alarmist for not mentioning
that you only have to worry about the vulnerability if you have the
stand alone player ... don't most virus alerts mention what systems
are potentially affected? Joe and Jane Internet User would read that
page and think they can get a virus from visiting a Flash website.
Maybe I'm just being paranoid about the
vast-right-wing-anti-Flash-conspiracy ...
>For the first time, a Flash virus has been detected. See
>http://www.sophos.com/virusinfo/analyses/swflfm926.html for more
>details.
--
__________________________________________
- Erik Mattheis
(612) 377 2272
http://goZz.com/
__________________________________________
More information about the thelist
mailing list