Ralph Deen

Q: new malware disguised as flash installer

I'm a dummy....fell for the ruse, any ideas on how to get rid of this new malware?  thanks

iMac, Mac OS X (10.6.8)

Posted on Sep 27, 2011 7:45 AM

  • by Kurt Lang,

    Kurt Lang Oct 1, 2011 10:29 AM in response to MadMacs0
    Level 8 (38,019 points)
    Mac OS X
    There was such a site for a couple of days this week.

    Yes, that's all I really meant. Anyone trying to find Flash at that site name wouldn't have been able to find it, so I was just pointing to Adobe's site.

    Big surprise that it was very likely a malware site.

  • by SteveKir,

    SteveKir Oct 12, 2011 6:18 AM in response to Ralph Deen
    Level 3 (546 points)

    I have just got this on my desktop:

    [Image: Flash message.jpg]

    I have not clicked on "See details...". (No way!) "Adobe Flash Player Install Manager" has been automatically launched. It could be malware which is programmed to launch "Adobe Flash Player Install Manager" as a way to increase its authenticity? When I quit "Adobe Flash Player Install Manager", the message box disappears.

    How can I find out where it came from? and:

    Is it safe?

    (BTW: I am on Lion 10.7.1, not SnowLeopard which is the OS for this Discussion.)

  • by WZZZ,

    WZZZ Oct 12, 2011 6:43 AM in response to SteveKir
    Level 6 (13,112 points)
    Mac OS X

    Go to the Adobe Flash Player download site and see if there's an update. This might legitimately be coming from the automatic update notification. If so, don't click on the pop-up, get it from the Adobe site as a standalone and install it. The latest Flash is 11.0.1.152.

    https://www.adobe.com/support/flashplayer/downloads.html

  • by cathy fasano,

    cathy fasano Oct 12, 2011 7:20 AM in response to SteveKir
    Level 2 (350 points)
    Mac OS X

    Yeah, great going Adobe, where your legitimate software update procedures are indistinguishable from trojan horses.

    If I take away anything from this thread, it's this: if you get an automatic upgrade notification from Adobe, take that as meaning that you should CLOSE THE PANEL, go to the Adobe website and download the upgrade and install it manually.

  • by WZZZ,

    WZZZ Oct 12, 2011 7:30 AM in response to cathy fasano
    Level 6 (13,112 points)
    Mac OS X

    I don't know if they are indistinguishable from the Trojans -- and, in general, for security reasons, I'm no great fan of Adobe Flash or Reader, but, if true, why would that be Adobe's fault? FWIW, if one pays the least bit of attention -- providing one is a native English speaker or well schooled in English usage -- one will notice the pop-up from the Trojan is written in broken English, probably by some Russian or Ukrainian.

  • by SteveKir,

    SteveKir Oct 12, 2011 11:29 AM in response to WZZZ
    Level 3 (546 points)

    That seems safe. However, to avoid phishing, it would be best to type in Adobe's site address manually, I think.

  • by WZZZ,

    WZZZ Oct 12, 2011 12:01 PM in response to SteveKir
    Level 6 (13,112 points)
    Mac OS X

    That's a good idea when presented with a link in an email. But typing in the link I gave you manually won't change anything for getting redirected, and I don't think there's any chance of being redirected/phished. You'd have to worry, maybe, if you were getting this from a pop-up. It's the right link. Just click on "Get the latest version."

    Now, if it were something like Get FlashPlayer Update Here.

    Always check the status bar to see where a text link really goes. And for a link in email, hover the mouse over the link and you'll get a yellow tool tip to show the actual URL.

    Message was edited by: WZZZ

  • by SteveKir,

    SteveKir Oct 24, 2011 12:07 PM in response to WZZZ
    Level 3 (546 points)

    This has gone very quiet. Have there been any developments? Is the panic over?

  • by MadMacs0,

    MadMacs0 Oct 24, 2011 12:59 PM in response to SteveKir
    Level 5 (4,801 points)

    SteveKir wrote:

    This has gone very quiet. Have there been any developments? Is the panic over?

    As far as I know, the last time they distributed anything was around Oct 11, for a very short period of time. One can only speculate as to when they might return with their next attack, nor has there been any evidence that they have used the backdoor capability on the infected machines that are still out there for anything.
