Watch out for fake Adobe Flash updates (malware)

RussJK

This really shows why we need to only update Adobe Flash manually, instead of relying on the auto updater. A symptom of a fake Adobe Flash update will be that it'll happen far more regularly than the real Flash updates do.

If you seem to get constant Adobe Flash updates, then there is a reasonable chance that it's a fake one (or that some software error is preventing the update from happening).

Was playing with some malware samples tonight and came across one of them that is designed to fake Adobe Flash. Put it through one of the sandbox analysers to see what it'd do.

It'll make a popup that'll look like the normal window you see. This one happens to be in another language though:
http://anubis.iseclab.org/?action=result_img&task_id=1438138e8d1ab83f469b3ab544c93bfad&image=1.png

What it really does is harvest emails from all your accounts, phones home to a remote address - and also compromises internet explorer with a fake plugin:
http://anubis.iseclab.org/?action=result&task_id=1438138e8d1ab83f469b3ab544c93bfad&format=html

While this particular variant will be detected by most of the AVs, you really can't rely on this everytime:
http://www.virustotal.com/file-scan/report.html?id=4ece7754b8f7ee5ecdba13ae2c32fcde324d9ac897a2a4b7b9b7158a9e44bf4c-1309645630


Don't trust Adobe Flash auto updates. When you get the Update message, then press CTRL SHIFT ESC, and look in the Process list for anything dodgy.


It's worth using something like Filehippo Update Checker or Secunia Personal Software Inspector. to keep track of updates, and do it manually or through them:
http://www.filehippo.com/updatechecker/
http://secunia.com/vulnerability_scanning/personal/

Purple2011

I updated the Flash Player on my computer last week through an auto update. I won't do it that way again now I've read this but is there a way I can check it was an official update now? I do run quick scans with Malwarebytes everyday and all the scans are clear.

somersethillbilly

Thanks for the "heads up" Russ...a manual updater here, but will be sure to pass this on to others, thanks again. :T

RussJK

Purple2011 wrote: »

I updated the Flash Player on my computer last week through an auto update. I won't do it that way again now I've read this but is there a way I can check it was an official update now? I do run quick scans with Malwarebytes everyday and all the scans are clear.

You can manually check your version by going into Control Panel, Flash Player, then Advanced,

and on that page it'll have the version numbers there:

You can press 'Check now' to go to the Adobe Flash page to compare the version number:
http://get.adobe.com/flashplayer/

Whether or not someone should set it to "never check for updates" depends on how likely that person is to use another method to update - as Flash is one of the most targeted applications for exploits, so the genuine updates are important.

Purple2011

Thanks RussJK. I found it under Security in the control panel. I checked and it says I have version 10.3.181.26 installed. It doesn't match the latest version on the website. I'll download it manually now.

Edit: I've updated manually and the plug-in Version now says: 10.3.181.34. The ActiveX version is still showing as 10.3.181.26. I noticed the picture above doesn't have an ActiveX version installed, so is it something I could uninstall for extra safety?

RussJK

Purple2011 wrote: »

Edit: I've updated manually and the plug-in Version now says: 10.3.181.34. The ActiveX version is still showing as 10.3.181.26. I noticed the picture above doesn't have an ActiveX version installed, so is it something I could uninstall for extra safety?

Yeah if you aren't going to use the ActiveX, then it won't hurt to uninstall it. At worst just uninstall Flash completely, and then just reinstall the plugin. ActiveX is for internet explorer, which I don't use.