Sophos warns of first virus to infect Flash

A virus that affects the popular Macromedia Flash Web animation environment has been discovered.

A virus that affects the popular Macromedia Flash Web animation environment has been discovered.

The virus, called SWF/ LFM-926, will not affect those who simply view Flash over the Web but will infect users who have Flash files stored on their hard drives. Webmasters and staff who create Flash routines for corporate Web sites are particularly at risk.

Anti-virus companies have warned businesses to ensure procedures are put in place to prevent infected applets from corrupting Flash files via corporate Web sites.

At the moment, the virus is benign and merely infects other Flash files without doing any damage. Graham Cluley, senior technical consultant for anti-virus company Sophos, explained, "It does not corrupt files or wipe hard drives - but the point is that it could have done. This is the first virus to be seen for Flash and proves that the software can be exploited.

"Having said that, the good news is that you cannot get it just from browsing. You have to download the file to your PC, which means it is a danger to webmasters, for example. In circumstances such as these, businesses need procedures to ensure the integrity of files uploaded to Web sites."

When an infected Flash file is played it displays the message "Loading.Flash.Movie". It then deposits a 926byte file named V.Com onto the PC's hard drive and infects all other Flash files therein.

The virus only affects Windows NT, Windows 2000 and XP systems and it has not yet been seen in the wild, having first been discovered when an anonymous virus writer sent it to Sophos.

Cluley said, "It sets a precedent and that can lead to copycat virus writing. Suppliers such as Macromedia which deal in complex scripting languages need to be careful as these offer fertile ground for probing."

Macromedia said it will issue a workaround to disable the file association between Flash files and the Flash player and will close the hole completely in the next version of the software.

Read more on Antivirus, firewall and IDS products