I was googling for garage door sensors last night and also watching the local online news station, and sometime in that time frame, the Avast siren went off. The suspect file had an swf extension and was in the My_Documents/Application Data/Temp folder. I am guessing Avast picked it up when I enabled a script from a website as no scans were scheduled. Perhaps it was an FP from the news site or it was a bad guy from the garage sites? I had to enable a few scripts in Firefox to see the catalogs. Beats me.

I thought shock wave files, if that’s what it was, can’t do much harm?

I didn’t save it so I can’t submit it for a 3rd part analysis. I always reload my OS from a backup image when things are suspect, so it’s gone.

Just thought I’d ask.

Harry

There are vulnerabilities in old versions of the shockwave player so a swf file could I guess be crafted to exploit the vulnerability in the player and avast is detecting that exploit attempt.

Ensure you have the latest shockwave player version.

Visit this site http://secunia.com/software_inspector/, it requires JAVA and it checks for old vulnerable versions of some software.

Oh yeah, swf (flash) files are commonly exploited nowadays…
If you have an up-to-date flash plugin, you should be safe but that doesn’t change anything on the fact that the swf file itself may be compromised.

Thanks for the feedback Vlk.

Thanks all for the information. My shockwave and flash players had been updated prior to the discovery. What bums me out is picking up the file in the first place. I use Firefox 3 with noscript and usually look at the siteadvisor ratings in Google. Must have slipped up somewhere.

Ratings are subjective and really should be considered advisory, I prefer the WOT add-on for rating the google searches.

NoScript does block flash by default, but once you allow the site you allow flash or if you click on the flash button to display/run it so it too isn’t a total protection option.