0 Replies Latest reply on Aug 5, 2008 9:02 AM by HarryWaldron

    Adobe Flash - Beware of fake downloads circulating

      :eek: Security sites are warning users to get Adobe to carefully update or obtain their Flash Player browser plug-in. Malware writers are using get_flash_update.exe at hostile websites as one approach to trick folks. The flash player or associated security updates must only be installed from Adobe's official website.

      Adobe Flash - Beware of fake downloads circulating
      http://blogs.zdnet.com/security/?p=1648
      http://blogs.zdnet.com/security/?p=1615
      http://blogs.zdnet.com/security/?p=1640
      http://isc.sans.org/diary.html?storyid=4828
      http://www.virustotal.com/analisis/258fbdfb7eb6ecfedbf236533b03c945

      QUOTE: Amidst confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware, Adobe has issued a call-to-arms for users to validate installers before downloading software updates.

      Adobe Bulletin - Importance of Verifying installers
      http://blogs.adobe.com/psirt/2008/08/verifying_installers.html

      QUOTE: We have seen coverage from the security community of a worm on popular social networking sites that is using social engineering lures to get users to install a piece of malware. According to the reports, the worm posts comments on these sites that include links to a fake site. If the link is followed, users are told they need to update their Flash Player. The installer, posted on a malicious site, of course installs malware instead of Flash Player.

      Adobe Flash can be downloaded from the official site. One change I'd like to see there is to not bundle the Google Toolbar as a pre-checked option.
      Abobe's official download site

      WARNING: Be sure to uncheck the Google Toolbar option if this additional download is not desired
      http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFl ash