Skip to main content

Beware of fake Adobe Flash updates

Image
By
Bee careful when your browser asked you to update your Adobe Flash player. According to Barracuda Labs -"some sites offers visitors to update Adobe flash with an official-looking Adobe Flash update page. Even though this page looks convincing, downloading this ‘update’ only provides the user with a nasty piece of malware that McAfee currently classifies as Downloader-CEW.f."
And it is recommended that one can update their Flash player at http://get.adobe.com/flashplayer. only
And here is an example from Barracuda Labs " How it happens" -

Performing a quick search for a breaking news topic, such as LeBron James opening his own Twitter account, starts the process. Searching for “LeBron James Twitter” gives the highlighted result a rank of 62.
Google Results for LeBron James TwitterGoogle Results for trend topic "LeBron James Twitter"
Clicking on the highlighted result  sends the user directly to the fake upgrade page. Note that the actual domain is registered in the Cocos Islands.  Also note that the dialog offers Adobe Flash Player 11, while (at this writing) the current version of Flash is 10.1.
Fake Adobe Flash Update DialogFake Adobe Flash Update Dialog
Another sign that this dialog box is bad news is that none of the buttons close the dialog.  Clicking both”Cancel” and “Details” implores the user to click “Ok”  (which is not a button name).   Only “Continue” offers the user a path forward, to a Windows Security Warning dialog.

If the user does run the file, it will download a background clicker that uses the Internet connection to generate fake Internet traffic.  While this activity goes on unseen, additional scamware and spyware programs are downloaded, as seen below.
PC infected with malware
The unsuspecting user can be compromised in no time, which is why it is recommended to get Adobe Flash updates directly from the source.
Barracuda Web Filter and Barracuda Purewire Web Security Service customers are protected from these attacks.

Source: Barracuda Labs - Blog
Labels:

Popular posts from this blog

By
Access Gmail Offline On enabling offline access, Gmail will load in your browser even if you don't have an Internet connection. You can read messages, star, label and archive them, compose new mail and messages ready to be sent will wait in your Outbox until you're online again. It's built on the Gears platform, which has already been used to offline-enable Google Docs, Google Reader, and other third-party web  applications   To get started with offline Gmail - - Sign in to Gmail and click 'Settings'. - Click the 'Labs' tab and select 'Enable' next to 'Offline Gmail'. - Click 'Save Changes.' - In the upper righthand corner of your account, next to your username, there will be a new 'Offline' link. Click this link to start the offline synchronization process. Standard Edition users can follow these instructions immediately, while Premier and Education Edition users will first need their  domain  admins to enable Gmail Labs from...
Read more...

Introducing Samsung's first Windows Phone 8 - Samsung's ATIV S

By
Samsung announces new range of  Windows 8 devices ATIV S, ATIV Tab, ATIV smart PC and ATIV Smart PC Pro at IFA Berlin. ATIV S is built with the latest and best Software and Hardware technologies.  ATIV S is flat and 8.7mm mobile with huge 4.8" HD Super
Read more...
By
Big News for Music Lovers (Courtasy BBC ) Music pirates can be deterred by warnings from their internet service provider (ISP), suggests a survey. Almost 75% of music pirates would stop if told to by their ISP, the survey of 1,500 UK consumers found. The research looked at the digital habits of consumers and found that the abundance of online music services was convincing many to go straight. Just over half of those questioned said they got music from legal subscription sites, or those supported by ads. Older fans Conducted by Entertainment Media Research (EMR) the survey aimed to find out what kinds of digital media consumers like and also how media sellers can make it more palatable. The research revealed the effect of the campaign against persistent pirates conducted by the music industry. Acting on information supplied by music industry groups many ISPs have contacted customers to tell them they are suspected of illegally downloading music. "It is quite evident that an ISP-led...
Read more...