RSS Alerts

Related Links

  • Barracuda Labs
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Safer Internet Day – watch out for fake updates says Webroot
    Today, as you may have noticed, is Safer Internet Day, when vendors in the IT security world will almost certainly be appearing on the radio and TV explaining how to surf the net more securely. But, says Webroot, one of those vendors, users should watch – especially today – for fake updates to their security software.
  • Trend Micro warns that Koobface abuses Google Reader
    Trend Micro has uncovered that the Koobface botnet is now abusing Google Reader, the web-based data aggregation service, routing internet users to infected websites via seemingly innocent Youtube videos.
  • The battle of the internet browsers
    Browsers are the hackers’ window into your PC – but how are they compromised, and what are vendors doing to harden them? Danny Bradbury examines the techniques vendors are employing, and why user education is one of the primary solutions for increased security
  • Koobface makes (another) comeback
    According to Harley, who is a director of malware intelligence with ESET, Koobface's latest attack modus operandi is that it only infects users the first time the victim accesses the site.
  • More problems with Adobe's security updates revealed
    Hard on the heels of problems with Adobe's security update strategies identified this week, it now seems that the installation software used by Adobe for its Reader and Flash applications has a security flaw.

News

Fake Adobe Flash updates lure the unwary

09 July 2010

Barracuda Networks has warned internet surfers to be wary of fake Adobe flash updates, after it uncovered a number of compromised sites in the wild which present unwary visitors with an official-looking Adobe Flash update page.

Even though this page looks convincing, the IT security vendor says that downloading the `update' only provides the user with a nasty piece of malware that is classified by McAfee as Downloader-CEW.f.

As a result of its findings, Barracuda is urging users to only get Adobe Flash updates directly from the source - http://get.adobe.com/flashplayer.

According to the IT security vendor, by tracking trending news topics, hackers quickly register a rogue website which climbs the news trending charts fairly quickly.

Clicking on the highlighted result when a search for news is carried out sends the user directly to the fake upgrade page.

But there is a way to spot the fake pages, as Barracuda reports that the dialog boxes opening to the malware only allow uses to click `continue' and other clicks are ignored.

And, says the company's security blog posting, if the user does run the file, it will download a background clicker that uses the Internet connection to generate fake Internet traffic.

"While this activity goes on unseen, additional scamware and spyware programs are downloaded", says the IT security vendor.

The problem, says the firm, is that an unsuspecting user can be compromised in no time, which is why it is recommended to get Adobe Flash updates directly from the source.

 

This article is featured in:
Application Security Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water