new malware disguised as flash installer

I have just got this on my desktop:

I have not clicked on "See details...". (No way!) "Adobe Flash Player Install Manager" has been automatically launched. It could be malware which is programmed to launch "Adobe Flash Player Install Manager" as a way to increase its authenticity? When I quit "Adobe Flash Player Install Manager", the message box disappears.

How can I find out where it came from? and:

Is it safe?

(BTW: I am on Lion 10.7.1, not SnowLeopard which is the OS for this Discussion.)

Go to the Adobe Flash Player download site and see if there's an update. This might legitimately be coming from the automatic update notification. If so, don't click on the pop-up, get it from the Adobe site as a standalone and install it. The latest Flash is 11.0.1.152

https://www.adobe.com/support/flashplayer/downloads.html

Yeah, great going Adobe, where your legitimate software update procedures are indistinguishable from trojan horses.

If I take away anything from this thread, it's this: if you get an automatic upgrade notification from adobe, take that as meaning that you should CLOSE THE PANEL, go to the adobe website and download the upgrade and install it manually.

I don't know if they are indistinguishable from the Trojans -- and, in general, for security reasons, I'm no great fan of Adobe Flash or Reader, but, if true, why would that be Adobe's fault? FWIW, if one pays the least bit of attention -- providing one is a native English speaker or well schooled in English usage -- one will notice the pop-up from the Trojan is written in broken English, probably by some Russian or Ukrainian.

That seems safe. However, to avoid phishing, it would be best to type in Adobe's site address manually, I think.

That's a good idea when presented with a link in an email. But typing in the link I gave you manually won't change anything for getting redirected, and I don't think there's any chance of being redirected/phished. You'd have to worry, maybe, if you were getting this from a pop-up. It's the right link. Just click on "Get the latest version."

Now, if it were something like Get FlashPlayer Update Here.

Always check the staus bar to see where a text link really goes. And for a link in email, hover the mouse over the link and you'll get a yellow tool tip to show the actual URL.

Message was edited by: WZZZ

This has gone very quiet. Have there been any developments? Is the panic over?

SteveKir wrote:

This has gone very quiet. Have there been any developments? Is the panic over?

As far as I know that last time they distributed anything was around Oct 11 for a very short period of time. One can only speculate as to when they might return with their next attack nor has there been any evidence that they have used the backdoor capability on the infected machines that are still out there for anything.