News

Virus affects non-Microsoft code - Flash hit

by Davey Winder | posted on 10 January 2002


Wireless users may be among the first victims of a unique virus capable of infecting Macromedia Flash files. It has been discovered by corporate anti-virus specialist Sophos.


The SWF/LFM-926 virus (catchy huh?) is more proof-of-concept code than anything as malicious and damaging as Nimda or Code Red were. Its real significance is what it implies for users of cable-free devices.

The unidentified author of the virus sent it directly to Sophos to highlight the vulnerability of Macromedia Flash movies. It's a risk that people in the security business have been warning of for some time.

The virus will only affect a minority of users, perhaps one in twenty, as it won't unleash its payload unless the infected Flash movie is played on a PC through the standalone Flash player; the overwhelming majority of us view these files within a browser, as part of a web page, where the payload never runs.

The payload is a tiny (926-byte, hence the name) DOS executable named V.COM that gets dropped onto the PC when the movie is played, behind a message that purports to be loading the movie itself. V.COM then infects all other Flash files in the current directory. The virus exploits the fact that Flash movies can run scripts: the script opens a DOS box under Windows NT, 2000 or XP and has the command-line interpreter run a DEBUG script, and V.COM is the file that script writes out.
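As an added example (this is not code from the article, Sophos or Macromedia), here is a small Python scanner for the check a practitioner would want after reading the above: it parses the SWF tag stream rather than grepping bytes, decompresses the zlib-compressed CWS variant that a byte-grep would miss, and reports any DoAction script that issues the standalone player's FSCommand exec, the ActionScript call that lets a movie start a program. The article does not say which call the virus uses, so treating any exec command as suspect is this example's own heuristic, and the three sample movies (including the V.COM target) are constructed inline and are not the real virus.

```python
"""Report FSCommand calls made by the scripts inside SWF movies.

Added example, not code from the article, Sophos or Macromedia. Handles
uncompressed (FWS) and zlib-compressed (CWS) files alike."""
import struct
import zlib

TAG_END, TAG_DO_ACTION = 0, 12
ACTION_END, ACTION_GET_URL, ACTION_PUSH, ACTION_GET_URL2 = 0x00, 0x83, 0x96, 0x9A
# Operand sizes of non-string ActionPush types (float, null, undefined,
# register, boolean, double, integer, constant8, constant16).
PUSH_SIZES = {1: 4, 2: 0, 3: 0, 4: 1, 5: 1, 6: 8, 7: 4, 8: 1, 9: 2}


def swf_body(raw: bytes) -> bytes:
    """Return the movie as uncompressed bytes; CWS is zlib data after byte 8."""
    if raw[:3] == b"FWS":
        return raw
    if raw[:3] == b"CWS":
        return b"FWS" + raw[3:8] + zlib.decompress(raw[8:])
    raise ValueError("not a SWF file: signature %r" % raw[:3])


def iter_tags(body: bytes):
    """Yield (tag_code, tag_data) for every tag of an uncompressed SWF."""
    nbits = body[8] >> 3                  # frame RECT: 5-bit Nbits then 4 fields
    pos = 8 + (5 + 4 * nbits + 7) // 8    # skip the RECT (byte aligned)
    pos += 4                              # frame rate + frame count (UI16 each)
    while pos + 2 <= len(body):
        code_and_len, = struct.unpack_from("<H", body, pos)
        pos += 2
        code, length = code_and_len >> 6, code_and_len & 0x3F
        if length == 0x3F:                # long form: UI32 length follows
            length, = struct.unpack_from("<I", body, pos)
            pos += 4
        yield code, body[pos:pos + length]
        if code == TAG_END:
            return
        pos += length


def _cstr(data: bytes, pos: int):
    end = data.index(b"\x00", pos)
    return data[pos:end].decode("latin-1"), end + 1


def action_strings(actions: bytes) -> list:
    """Collect the string operands of ActionGetURL and ActionPush records."""
    out, pos = [], 0
    while pos < len(actions):
        code = actions[pos]
        pos += 1
        if code == ACTION_END:
            break
        if code < 0x80:                   # short action, carries no operands
            continue
        length, = struct.unpack_from("<H", actions, pos)
        pos += 2
        payload = actions[pos:pos + length]
        pos += length
        if code == ACTION_GET_URL:        # url\0 target\0
            url, p = _cstr(payload, 0)
            out.extend([url, _cstr(payload, p)[0]])
        elif code == ACTION_PUSH:         # sequence of (type byte, value)
            p = 0
            while p < len(payload):
                ptype = payload[p]
                p += 1
                if ptype == 0:            # string constant
                    s, p = _cstr(payload, p)
                    out.append(s)
                elif ptype in PUSH_SIZES:
                    p += PUSH_SIZES[ptype]
                else:
                    break                 # unknown type: stop this record
    return out


def fscommands(raw: bytes) -> list:
    """Lower-cased FSCommand names issued by the movie's scripts, e.g. ['exec']."""
    found = []
    for code, data in iter_tags(swf_body(raw)):
        if code == TAG_DO_ACTION:
            for s in action_strings(data):
                if s.lower().startswith("fscommand:"):
                    found.append(s[len("fscommand:"):].lower())
    return found


# --- constructed sample movies (not the real virus) ------------------------
def _get_url(url: str, target: str) -> bytes:
    payload = url.encode() + b"\x00" + target.encode() + b"\x00"
    return bytes([ACTION_GET_URL]) + struct.pack("<H", len(payload)) + payload


def _push_str(s: str) -> bytes:
    payload = b"\x00" + s.encode() + b"\x00"
    return bytes([ACTION_PUSH]) + struct.pack("<H", len(payload)) + payload


def build_swf(actions: bytes, compress: bool = False) -> bytes:
    """One-frame SWF whose only content is a DoAction tag holding `actions`."""
    header_rest = b"\x00" + struct.pack("<HH", 12 << 8, 1)  # empty RECT, 12 fps, 1 frame
    do_action = struct.pack("<HI", (TAG_DO_ACTION << 6) | 0x3F, len(actions)) + actions
    body = header_rest + do_action + struct.pack("<H", 0)   # End tag
    if compress:
        return b"CWS" + bytes([6]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return b"FWS" + bytes([5]) + struct.pack("<I", 8 + len(body)) + body


# fscommand("exec", "V.COM") as a literal GetURL (Flash 4/5 style)
SUSPECT_FWS = build_swf(_get_url("FSCommand:exec", "V.COM") + bytes([ACTION_END]))
# the same call via Push/GetURL2 inside a compressed Flash 6 movie
SUSPECT_CWS = build_swf(_push_str("FSCommand:exec") + _push_str("V.COM")
                        + bytes([ACTION_GET_URL2, 1, 0, 0, ACTION_END]), compress=True)
# an ordinary link-out movie
BENIGN = build_swf(_get_url("http://example.com/", "_blank") + bytes([ACTION_END]))

if __name__ == "__main__":
    for name, movie in [("suspect.swf", SUSPECT_FWS), ("suspect6.swf", SUSPECT_CWS), ("benign.swf", BENIGN)]:
        print(name, fscommands(movie))
```

Run over a directory of movies, `fscommands(open(path, "rb").read())` returning a list containing "exec" is the thing to alert on; any other FSCommand (quit, fullscreen and so on) is routine standalone-player housekeeping. Note that this only covers scripts in DoAction tags; button and sprite scripts live in other tags and would need the same walk applied to them.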

So why worry about just another virus, especially one that seems pretty weak in its ability to actually do anything?

Simple: as well as being commonly used on websites to add multimedia animations and special effects, especially on the intro pages displayed as you connect to a site, Flash is also increasingly important in the mobile world thanks to the PocketPC Flash Player, which extends the technology off the desktop and onto wireless devices.

Indeed, some of the new generation of wireless devices such as the much heralded yet still somewhat elusive Pogo (www.pogo-tech.com) actually use Flash driven interfaces and applications.

The proof-of-concept virus should be seen as a warning that infection is possible, and unless security is tightened around the implementation of Flash technologies the door is open for malicious coders to come forward and raise the stakes.

The SWF/LFM-926 virus has yet to make an impact upon the Internet, and as I write I have heard of no "in the wild" infection, simply because it has no effective method of transportation. If it were able to execute its payload within a browser client environment then things would, of course, be different.

This is where I start to get a little concerned, because if wireless devices such as the Pogo and its contemporaries rely on Flash as the core force behind both their user interfaces and applications, then it doesn't take a genius to work out that the next generation of viruses may not just be a Flash in the pan after all. Of course, this particular virus won't affect the Pogo itself: its V.COM payload is x86 DOS code that needs a Windows command interpreter to build and run it, and the Pogo isn't PC compatible - it uses an ARM chip, after all.

Macromedia, the company behind Flash, has stated that its technical staff will work to close the hole in their software player by the next release version.