January 2003 Headline
From the January 2003 Headlines

Tainted Graphics!!!

Similar to the Infusor 2000 problem (insertion of viruses into the whitespace of .jpg files) that plagued .jpg files during 1997 and 1998, Flash movies (.swf) and Portable Network Graphics (.png) files have been found to be manipulable with binary editors so that damaging code can be inserted into their whitespace. This output is not possible using the two Macromedia products (Flash MX and Fireworks MX) that are the primary output editors for this type of file; it is always done after the fact and purposefully. Essentially, damaging code is inserted into the whitespace (.swf) or into the basic header (.png), and this code can then be executed, usually to achieve backdoor admin privileges. There have also been reports of files simply being erased. Unpatched browsers (.png) or older plugin versions (.swf) on Windows machines are the targets of this malicious code.

Macromedia has received reports that the primary problem associated with tainted .swf movies is that an unknown alien admin can read all the files on the infected hard drive. Besides the ordinary virus risk, this also introduces a severe security risk. In addition, there are fifteen (15) known variants of the .swf problem. Basically, a buffer overflow is created, arbitrary code is executed during the buffer overflow, and the machine allows an alien admin to have privileges AND remote control of the machine.

The .png problem is caused by purposefully inserting corrupt data within the .png file. The corrupt data causes arbitrary code hidden within the file to be executed during the deflate portion of the .png rendering. Certain areas of memory are rewritten to allow the alien admin to have heightened privileges, which could allow remote control, deleting files, rewriting files, downloading files, uploading of security-related files, revelation of passwords and credit card information, uninstalling software and many other problems. It should be noted that both types (.swf and .png) of tainted graphics will look normal; it's what's going on behind the scenes that's dangerous. In addition, any software that uses IE as its renderer (Outlook, most help files, and similar) is subject to the .png tainted graphic vulnerability. It isn't known if such software is affected by the .swf one.
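A defensive pre-screen for the kind of corrupt .png data described above, as an added example that is not part of the original article: it walks the chunk structure, verifies each CRC, and inflates the IDAT stream under an output cap to confirm it matches the size the IHDR header declares. The names `check_png` and `chunk` and the sample files are constructed for illustration, and a clean result means only that the file is structurally consistent.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # colour type -> samples per pixel

def chunk(ctype, data):
    """Serialize one chunk: length, type, data, CRC-32 over type+data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def check_png(blob, max_pixels=64_000_000):
    """Return a list of structural problems (empty list = well-formed)."""
    if blob[:8] != PNG_SIG:
        return ["bad signature"]
    problems, idat, ihdr, pos = [], b"", None, 8
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(blob):
            return problems + ["chunk length runs past end of file"]
        data = blob[pos + 8:end]
        if struct.unpack(">I", blob[end:end + 4])[0] != zlib.crc32(ctype + data):
            problems.append(ctype.decode("latin-1") + " CRC mismatch")
        if ctype == b"IHDR" and length == 13:
            ihdr = struct.unpack(">IIBBBBB", data)
        elif ctype == b"IDAT":
            idat += data
        pos = end + 4
    if not blob.endswith(chunk(b"IEND", b"")):
        problems.append("file does not end with IEND (truncated or trailing data)")
    if ihdr is None:
        return problems + ["missing IHDR"]
    width, height, depth, colour, _, _, interlace = ihdr
    if colour not in CHANNELS or not 0 < width * height <= max_pixels:
        return problems + ["implausible IHDR"]
    if interlace == 0:  # Adam7 uses a different size formula; not checked here
        expected = height * (1 + (width * CHANNELS[colour] * depth + 7) // 8)
        inflater = zlib.decompressobj()
        try:  # cap the output so a hostile stream cannot exhaust memory
            out = inflater.decompress(idat, expected + 1)
        except zlib.error:
            return problems + ["IDAT is not a valid zlib stream"]
        if len(out) != expected or not inflater.eof:
            problems.append("IDAT size disagrees with IHDR")
    return problems

# Constructed samples: a 2x2 8-bit greyscale image and an oversized-IDAT variant.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 2, 2, 8, 0, 0, 0, 0))
GOOD = PNG_SIG + IHDR + chunk(b"IDAT", zlib.compress(b"\x00\x10\x20" * 2)) + chunk(b"IEND", b"")
OVERSIZED = PNG_SIG + IHDR + chunk(b"IDAT", zlib.compress(b"\x00" * 4096)) + chunk(b"IEND", b"")
```
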

Fortunately, there are easy, safe and effective workarounds. Microsoft recommends you visit them and install all the current service packs and patches for your OS and IE. These contain patches to disallow the .png problems. For .swf protection, visit Macromedia's Flash Player download area and be sure to upgrade to the 6,0,65,0 version. This upgrade of Flash Player also fixes a previous problem web developers had noticed about multiple small Flash movies on a page.

If you were damaged by a tainted graphic infection, a thorough cleansing with an anti-trojan or anti-virus program should fix most small problems (be sure to dump all browser caches too). Major damage may require reformatting and reinstallation from clean backups. Pay special attention to unknown software dialing home (or known software dialing in a new and different way) and to unknown admins.


 Lemmings 

