Antivirus software vendors say they have spotted the first computer virus that uses Macromedia's Shockwave Flash files to transmit itself once a victim clicks to run the Flash movie.
Identified as SWF/LFM-926 by antivirus software vendor Sophos, this virus is not yet "in the wild," infecting computers. The Shockwave Flash virus was sent to Sophos as a sample via anonymous email, and this specimen is now being shared and analyzed among several antivirus vendors.
The virus doesn't appear to spread the way typical email-borne viruses would. According to Network Associates virus researcher Craig Schmugar, any possible victim of this new Shockwave Flash virus would have to save an infected file locally and open it with a Flash player.
The SWF/LFM-926 virus is not destructive except in its ability to infect other Shockwave Flash files stored on a victim's computer. Nevertheless, there is concern that this simple proof-of-concept virus could turn into much more over time.
Macromedia's Shockwave Flash has not attracted virus writers to exploit it until now, in part because Microsoft products, such as Word and Outlook email, are much more widely used and therefore make better vehicles for viruses to spread. In addition, said Schmugar, Macromedia made a conscious effort over the years to prevent its animation and special-effects technology from becoming a target for exploitation.
But the unknown writer of SWF/LFM-926 has proven that Flash movies can now be exploited as a vehicle for computer viruses.
"The virus is exploiting the Action Scripting in Shockwave Flash," says Network Associates virus researcher Schmugar. When a victim runs the Flash file, which is a picture-puzzle game, the virus creates a file called v.com that resides on the hard drive. It then runs v.com, which infects all other Flash files on the hard drive.
SWF/LFM-926 is regarded as a low-level threat, but its existence may lead to more virus damage down the road. "Though it's unlikely this virus will ever be widespread, someone could improve upon it," Schmugar indicated.
If that happens, Shockwave Flash, popular on Web sites, could become infected with a more harmful virus that could spread more easily.
"Computer users visiting snazzy sites would get more than they bargained for if they download this virus," stated Graham Cluley, senior technical consultant for Sophos.
Sophos is urging Web site managers to take the prudent course and put in place procedures for ensuring the integrity of the code running on their Web sites in preparation for a new breed of computer virus.