Re: Well lets name them....
The downvotes don't make mark 63 wrong, also thanks to g00se for pointing out the underlying mechanism. How would you detect malware in a flash file a customer submitted to you? Would you attempt a security analysis before sending it on beyond a check with an anti virus? Flash isn't *supposed* to be able to be compromised like that.
Arguably the bad decision was made when flash was used for advertising, but can you imagine arguing with your boss about letting through a flash advert if you're an advertising company technical advisor? The notion of decompiling and reverse engineering every flash file to check it for safety is unworkable.
I dare say this sort of exploitation was inevitable as flash for advertising became the complacently accepted norm. I started using flashblock myself after one too many websites started playing movies and sound automatically (rude bastards).
It's easy to be reactionary and blame ad agencies, but the problem really lies with..... well.... using software. Proprietary or open source, there isn't a type of software that's immune from vulnerabilities.