[thelist] Flash virus

Erik Mattheis gozz at gozz.com
Tue Jan 8 15:12:02 CST 2002


Flash files can indeed launch applications ... easy! But only when 
exported as a projector (.exe) or as a swf viewed in the stand-alone 
player - only distributed with Flash authoring application.

Here is a thread from Nov 2000 about whether it could be used 
maliciously: 
http://www.were-here.com/forums/showthread.php?threadid=35238 (I'm 
sure you could find older  discussion about potential abuses of 
exec()). In the thread people claim to have done similar things just 
to see if it can be done ... and seems posted code has been deleted 
by the mods.

Am I being weird to think this "alert" is alarmist for not mentioning 
that you only have to worry about the vulnerability if you have the 
stand alone player ... don't most virus alerts mention what systems 
are potentially affected? Joe and Jane Internet User would read that 
page and think they can get a virus from visiting a Flash website.

Maybe I'm just being paranoid about the 
vast-right-wing-anti-Flash-conspiracy ...

>For the first time, a Flash virus has been detected. See 
>http://www.sophos.com/virusinfo/analyses/swflfm926.html for more 
>details.
-- 

__________________________________________
- Erik Mattheis

(612) 377 2272
http://goZz.com/

__________________________________________





More information about the thelist mailing list