Fake Flash updates - Facebook and MySpace are not the only distribution conduits being used

ZDNET warns that criminals are tricking people into installing malware via fake Flash update prompts at  and fake YouTube sites.
Cite: http://blogs.zdnet.com/security/?p=1615&tag=nl.e550

Adobe have responded, but sadly the man in the street does not read their blog:
http://blogs.adobe.com/psirt/2008/08/verifying_installers.html

It should be noted that fake Flash updates are not new behaviour. Here are some reports from March of this year:

Cite: http://swatrant.blogspot.com/2008/03/one-more-fake-flash-player.html (13 March)
Cite: http://swatrant.blogspot.com/2008/03/fake-macromedia-flash-activex-plugin.html (3 March)

Jesper sent me screenshots yesterday of a similar incident to that described in the report on swatrant on 13 March. The incident Jesper examined eventually led the victim to a fraudware site and added several new processes to the computer in question. It is important to note that the malware URLs are being distributed via spam.

Here are screenshots of a sample spam, the fake Flash updater and the fraudware site:

[screenshots]

Comments

# re: Fake Flash updates - Facebook and MySpace are not the only distribution conduits being used

Tuesday, August 26, 2008 6:00 AM by richard

I have received emails and messages on Facebook linking to a fake YouTube site where I am prompted to "update" my settings. This is backed up by a second fake email/message from someone on my Facebook friends list who has apparently "watched" the video... and thinks I should see it. Both these emails are FAKE and were not sent by the persons indicated.