Macromedia Shockwave - The Latest Computer-Virus Victim

08 Jan 2002
Virus News

The first malicious program infecting SWF files has been detected

Kaspersky Lab, an international data-security software developer, reports the detection of a virus, SWScript.LFM, which is the first malicious program that infects the popular multimedia format, Macromedia Shockwave.

Macromedia Shockwave files (.SWF) contain video and audio data. Their compactness, the simplicity of creating animation and video, and support by the majority of Web applications have made Macromedia Shockwave files one of the most popular means of transferring multimedia information via the Internet. By using SWF files, hundreds of thousands of people around the world can send electronic congratulatory cards, and thousands of companies have integrated the Macromedia technology into their Web sites in order to make them more attractive and dynamic.

A detailed analysis of LFM has shown that the current virus is more a proof of concept than a real threat to Internet users. In order to spread, this malicious program requires several important conditions to be met simultaneously, which is highly unlikely. First, LFM requires that the computer have a full version of the program that executes Macromedia Shockwave files installed; the special plug-in versions installed in Internet Explorer and Netscape Navigator by default are not enough for the virus to operate. Second, a user has to manually download the infected SWF file to his computer and start it up. Third, LFM is only capable of infecting SWF files located in the same directory as the file carrying the virus.

In summary, Kaspersky Lab considers the possibility of an epidemic outbreak caused by the LFM virus to be very unlikely. Nevertheless, we recommend that users be very careful when dealing with Macromedia Shockwave files, because the appearance of other, more operable malicious programs infecting SWF files cannot be excluded.

Defense procedures thwarting LFM have already been added to the Kaspersky Lab daily anti-virus database update as of January 8, 2002. More detailed information about this malicious program is available in the Kaspersky Virus Encyclopedia.