Timothy Westman-Barth
Level 2 (158 points)
iPhone

Q: FlashPlayer Virus

So, I was browsing the interwebs about an hour ago (just took this long to get around to posting this) and I clicked a link that didn't take me to the page I expected, and that I think I visiting with the same link a few minutes earlier; anyways, it prompted me to download an update to Adobe Flash player, however the update window openned and downloaded the update automatically, which I know it doesn't do, also the updater looked the one on Windows, just with a Mac's title bar at the top, might look like that on Macs too, but I can't remember ever updating it so... Also, there was a spelling mistake, and I am very particular about those sorts of things, so I noticed it, and I know that the real one doesn't have that, so anyways, the updater thingy was in the browser window, it just looked like a seperate window.

 

The webpage that I ended up getting directed to and that downloaded the file is: http://adobe****hplayer.rr.nu/8f/

The file is named: FlashPlayer-11-MacOSX.pkg

 

Well, I never openned it because of the obvious (in my opinion) fake... ness... but what concerned me was that after doing a Bing search (because I switched from Google last week, and even though I checked Google, I didn't find helpful results as fast) I found that there was such a virus before, not too long ago that I figured, it was after the MacDefender virus, but I didn't read the date on the article I read about it.

Anyways, what concerned me was that the thingy (XProtect I believe it is) allowed the file to be downloaded at all. I just checked and the thingy is set to update the "safe downloads list" automatically, so...

 

Anyways, is there a reason that it may have been allowed?

More importantly, does this potentially need reporting?

 

This is the webpage that downloaded the file

Intro - watch now-1-1.png

 

< Link Edited By Host >

MacBook Pro, Mac OS X (10.7.2), Mid 2010 model

Posted on Apr 8, 2012 9:58 AM

by Linc Davis,Solvedanswer
Linc Davis Linc Davis
Level 10 (208,037 points)
Applications
A:

Yes, it's a trojan, and this is why you can't rely on any automated protection from malware -- neither Apple's nor anyone else's. The attackers are always ahead of the defenders. The XProtect database doesn't yet include this item. The only effective defense against malware is common sense, which is what saved you in this case. I'm not aware of any way you can report malware to Apple.

Posted on Jan 20, 2012 6:44 PM

Close
Timothy Westman-Barth

Q: FlashPlayer Virus

  • All replies
  • Helpful answers

Previous Page 2

  • by Kurt Lang,

    Kurt Lang Kurt Lang Apr 7, 2012 7:45 AM in response to Mayapple
    Level 8 (38,024 points)
    Mac OS X
    Apr 7, 2012 7:45 AM in response to Mayapple

    I feel really stupid about clicking okay to the malware,

    Don't. That's exactly what the crooks hope for. That you aren't paying close enough attention, or to scare you into clicking on something with a dire sounding warning that you've been infected.

     

    Of course, there really are the less intelligent who (believe it or not!) continue to fall for the Nigerian scam. Greed, or the prospect of seemingly easy riches can make people do very stupid things.

  • by Topher Kessler,

    Topher Kessler Topher Kessler Apr 7, 2012 7:47 AM in response to Mayapple
    Level 6 (9,866 points)
    Apr 7, 2012 7:47 AM in response to Mayapple

    The Java update only closes the hole that allows for the malware installation, and does not get rid of it on an infected system. If you had an unpatched version of Java running on your system in the past month or two, then I would recommend you run the Terminal commands in that article to check for the presence of the malware (this can also be done with malware scanners).

  • by etresoft,

    etresoft etresoft Apr 7, 2012 9:39 AM in response to Timothy Westman-Barth
    Level 7 (29,380 points)
    Mac OS X
    Apr 7, 2012 9:39 AM in response to Timothy Westman-Barth

    This may be slightly off topic in this thread, but someone mentioned Flashback, so I'll chime in with this:

     

    I have created a user tip and malware checker/removal tool: https://discussions.apple.com/docs/DOC-3271

  • by Jim Burns,

    Jim Burns Jim Burns Apr 8, 2012 9:37 AM in response to Timothy Westman-Barth
    Level 1 (0 points)
    Apr 8, 2012 9:37 AM in response to Timothy Westman-Barth

    I used the removal tool you posted. It immedietly says no malware detected. Maybe what i have is not the flashback? My problems are when watching videos. A pop up window that cant be removed shows up over most videos. Its asking to allow or deny. Problem is, I cant do anything with it. It says it is has to do with  adobe flashplayer settings

  • by Kurt Lang,

    Kurt Lang Kurt Lang Apr 8, 2012 9:52 AM in response to Jim Burns
    Level 8 (38,024 points)
    Mac OS X
    Apr 8, 2012 9:52 AM in response to Jim Burns

    My problems are when watching videos. A pop up window that cant be removed shows up over most videos. Its asking to allow or deny. Problem is, I cant do anything with it. It says it is has to do with  adobe flashplayer settings

    That is a common problem with Flash videos on many sites. I see that on the local news web pages and other legitimate sites pretty frequently. What's happening is the Flash player is initially denying the Flash video to play and giving you the option to Deny or Allow. The problem is the site feeding the video on the page is repeatedly ignoring your request to halt loading and playback of the video, and immediately requesting again to allow playback.

  • by Jim Burns,

    Jim Burns Jim Burns Apr 8, 2012 10:36 AM in response to Kurt Lang
    Level 1 (0 points)
    Apr 8, 2012 10:36 AM in response to Kurt Lang

    Thanks Kurt, so the flashback virus isnt the proble? It just started recently, while my son was playing a video game on a kids site. Very annoying

     

    Jim

  • by Kurt Lang,

    Kurt Lang Kurt Lang Apr 8, 2012 4:30 PM in response to Jim Burns
    Level 8 (38,024 points)
    Mac OS X
    Apr 8, 2012 4:30 PM in response to Jim Burns

    Thanks Kurt, so the flashback virus isnt the proble?

    Nope. Despite the similarity of the name, Flashback doesn't have anything to do with the Adobe Flash player. It's just badly written sites ignoring your request to halt playback of the embedded Flash video.

    Very annoying

    Yes!

  • by Ady,

    Ady Ady Apr 9, 2012 2:16 AM in response to Topher Kessler
    Level 1 (25 points)
    Apr 9, 2012 2:16 AM in response to Topher Kessler

    thanks topher, for the article on c-net. I have 2 machines, one running still on OS 10.4.11, w/o intel. I ran the terminal commands on both computers, and only got positive results. (does not exist/no such file or directory). getting these outputs, is it 100% reliable, that they are not infected?

     

    thank you again!

  • by petermac87,

    petermac87 petermac87 Apr 9, 2012 2:23 AM in response to Ady
    Level 5 (7,402 points)
    Apr 9, 2012 2:23 AM in response to Ady

    There is actually a Flash Player Udate available. It is just lost in a jungle of paranoia and poor downloading practice.

     

    Good Luck

     

    Pete

  • by Dumpedal,

    Dumpedal Dumpedal Apr 9, 2012 3:12 AM in response to etresoft
    Level 1 (0 points)
    Apr 9, 2012 3:12 AM in response to etresoft

    Thanks etresoft for actually trying to help people!

     

    My macbook has been slowing down the last couple of months and I have tried a couple of virus/malware tests with no results.

    I ran your malware checker today and it suggested to remove the following items:

     

    Adobe Reader Updater Helper
    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
    com.google.keystone.agent.plist
    GoogleSoftwareUpdateAgent

     

    I have no idea whether these items are fake, but after removing them my mac runs like born again

     

    Thanks again,

    Per

Previous Page 2