Adobe has issued a call-to-arms for users to validate installers before downloading Adobe Flash software updates. This has become necessary due to confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware.
The company’s notice comes as a result of malware attacks on Facebook, MySpace and Twitter that attempt to trick Windows users into installing a Flash Player update that turns out to be a malicious executable.
An article was posted on the Adobe Product Security Incident Response Team website yesterday (August 4th 2008) advising of precautions that should be taken to avoid downloading and installing a fake Adobe Flash Player Update.
The article begins:
“Verifying Installers
We have seen coverage from the security community of a worm on popular social networking sites that is using social engineering lures to get users to install a piece of malware. According to the reports, the worm posts comments on these sites that include links to a fake site. If the link is followed, users are told they need to update their Flash Player. The installer, posted on a malicious site, of course installs malware instead of Flash Player.”
Adobe advises that Flash Player should not be downloaded or updated from any site other than adobe.com. You can download Flash Player from the Adobe website.
Furthermore, all Adobe software for Windows is signed with a digital certificate that is validated by Windows. When you install the software, be sure to check that the publisher is ‘Adobe Systems, Incorporated’ and not any other company. If the publisher differs from this, cancel the installation / update.
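The same publisher check can be scripted before an installer is ever launched. The PowerShell below is an added example, not part of Adobe's advisory: the function name and the installer file name are hypothetical, and the expected publisher string is the one quoted in this article.

```powershell
# Added example: check an installer's Authenticode signature and publisher
# before running it. Function name and file name are hypothetical.
function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,

        # Publisher name as quoted in the article; adjust for other vendors.
        [string]$ExpectedPublisher = 'Adobe Systems, Incorporated'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file hash matches the signature and the certificate
    # chains to a root that Windows trusts. Unsigned, modified, or untrusted
    # files report a different status (NotSigned, HashMismatch, NotTrusted).
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    # Read the signer's name from the signing certificate itself.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    # Compare the whole name. A substring match would also accept a
    # look-alike publisher that merely contains the expected text.
    if ($publisher -ne $ExpectedPublisher) {
        Write-Warning "Signed by '$publisher', expected '$ExpectedPublisher'"
        return $false
    }

    Write-Verbose "Valid signature from '$publisher'"
    return $true
}

# Usage (file name is a placeholder):
#   if (Test-InstallerPublisher -Path .\flash_installer.exe) { 'OK to install' }
```

A valid signature alone is not enough, since anyone can obtain a code-signing certificate in their own name; both the status and the publisher name must match before the installer is trusted.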
For the full advisory visit the Adobe Product Security Incident Response Team website.