SWF_DLOADER.YVN
Overview

Malware type: Others

Aliases: Exploit.SWF.Downloader.a (Kaspersky), Downloader.Swif.C (Symantec), Troj/SWFexp-D (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Low

Description: 

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram shown below.

SWF_DLOADER.YVN Behavior Diagram

Malware Overview

This malicious Shockwave Flash (.SWF) object may be downloaded by SWF_DLOADER.YVM. It may also be downloaded from certain remote sites, or hosted on a Web site and run when a user accesses that Web site.

It is a specially crafted .SWF file that exploits the following vulnerability:

  • Integer Overflow in Adobe Flash Player Allows Remote Arbitrary Code Execution

When run in Flash Player, it executes arbitrary code that accesses, downloads, and executes malicious files from certain Web sites. Trend Micro detects the downloaded files as TROJ_WIESSY.J and WORM_OTWYCAL.BO. As a result, the routines of the downloaded Trojan and worm are also exhibited on the affected system.


Description created: May. 28, 2008 6:02:48 AM GMT -0800
