Phony Adobe Flash update spreads home page-changing malware

Microsoft said it has received 70,000 reports this week of the malware, which changes users’ home pages and then redirects them.

“There are several clues something is amiss, namely part of the GUI for the supposed Flash 11 update is written in Turkish, and there is no scroll bar on the EULA,” noted Threatpost.

When a victim clicks on the link, a regular Flash Player dialog box pops up, sans scroll bar; only by highlighting the text can a user get to the bottom of the message. There, it notes that the home page will be changed. The install button is written in Turkish, which should be a red flag, but if the user clicks on it, he or she is taken to a malicious URL.

“These sites appear to be a type of search engine, but there are pop-up advertisements displayed on the pages, and there was an instance where I was redirected to a different page not of my choosing,” Jonathan Jose, an anti-virus researcher at Microsoft, told Threatpost.

He added, “It’s a fairly simple ruse – misleading file name, misleading GUI, deliberately inaccessible EULA, misleading file properties – and some of the files are even signed.”

But, as he pointed out, social engineering doesn’t have to be particularly sophisticated to be successful.

“So the message today is be wary. If you think something ‘feels’ wrong (like that missing scrollbar in the EULA) it may well be. Listen to those feelings and use them to protect yourself by saying ‘no’ to content you don’t trust,” he said.
