TOOLS FOR FLASH ANALYSIS
Update 13:35 PDT: False positive finding from CA triggering on System.security.allowDomain("*").
Regardless, these two sites are indispensable for their quick analytic capability.
Seeing System.security.allowDomain("*") as problematic in not necessarily wrong as it often indicates malicious content.
Breaking news regarding malicious Flash popping up from YouTube is starting to break all over the Internet.
CrunchGear has a bit of a write-up on it.
I grabbed the evil .swf in question from the URL below via command-line on my trusty Ubuntu box:
I then fed l.swf to Adops Tools and Wepawet.
The results from each analysis are below for your review.
Not good. ;-)
Adops Tools Results
Use in good faith, but always be careful grabbing the evil .swf.
del.icio.us | digg | Submit to Slashdot