Hi forum friends,

See this Wepawet SWF report: http://wepawet.iseclab.org/view.php?hash=5197ca257bc0f132313b6c0fe6ee465b&type=swf
This was checked: h-ttp://www.youtube.com/v/5k-NS16b9_k&autoplay=1 packed by ZLIB

-http://www.youtube.com/v/5k-NS16b9_k&autoplay=1 - archive BINARYRES

-http://www.youtube.com/v/5k-NS16b9_k&autoplay=1/data001 - Ok
-http://www.youtube.com/v/5k-NS16b9_k&autoplay=1 - Ok
file comes from IP 69.175.20.162
Detected should be Mal_Hifrm, that is a heuristic detection for suspicious files that manifest similar behavior and characteristics as the following malware: HTML_IFRAME
Also see: http://www.virustotal.com/latest-report.html?resource=1b687108104a54cfc92b44819e912c3a

polonus