ADOBE FLASH PLAYER FOR MAC FAKE UPDATE
There are hackers, however, who are using a fake update to infect some computers with scareware by implementing an old trick, according to TNH Online. Adobe has released several updates for its Flash Player in the past few weeks. The publisher in both the PE header and VeriSign code signing certificate is identified as "Air Software" and the PE Product name is "Adobe Flash Player" version 2.0.4.54. An Adobe Flash Player fake update is being used by some hackers to infect some Mac devices with scareware. The file name is "Flash Player 12.exe" and is 814KB. It commands the user "Upgrade your Media Player now" and uses the look and feel of an Adobe update. The fake Adobe update is a little less clear on what product it is mimicking. A Fortinet blog entry from earlier this year described a different variant of Kryptik as being focused on stealing FTP information, and congratulated the author on the high quality of his code. Fortinet and ESET recognize it as W32/Kryptik. The publisher, also identified in the VeriSign code signing certificate, is "TINY INSTALLER". According to VirusTotal Friday morning, five out of the 48 products they work with recognized the file. The file information identifies it as "Express Install" version "3, 7, 1, 0". The file is named Chrome_Security_Plugin_Setup.exe and is 1.74MB. The page correctly identifies the version of Chrome I was running (the current version) and then says that it "may be outdated". The fake Chrome update uses a logo similar to Chrome's, but obviously distinguishable from it. VeriSign Authentication Services are now part of Symantec. This is not unprecedented, but it's highly unusual for malware authors to use an expensive provider like VeriSign. This morning I stumbled across what seems to be a new malware-spreading technique: a fake update for Google Chrome and a fake "media player" update that is designed to look like it's coming from Adobe. Both updates are digitally signed by valid VeriSign code signing certificates.