Sans has write up about a recent flash worm.
"A few days ago a lot of media wrote about a Flash worm. I managed to get hold of samples and analyzed it (thanks to Peter Kruse of CSIS for the samples).
The worm was first identified on a popular Chinese social web site (for schools, if I'm not wrong), Renren (http://www.renren.com). This site is in many ways similar to Twitter or Facebook, but much more media intensive and it allows users to share various information, including pictures, movies etc.
Users of this site can share videos with each other (same as on Facebook). Besides other media, users can also point to Flash movies and this was enough for the attacker to exploit one small error in the video player code used by the Renren site.
The URL to an SWF file posted by a user was processed by a function called playswf(). Among other things this function creates an embedded object (application/x-shockwave-flash) that points to the user supplied SWF file." - SANS
Read more: http://isc.sans.org/diary.html?storyid=7015