Security experts detected a phishing malware campaign that scammed users into downloading viruses through counterfeit Adobe Flash updates.
Hackers Initiate Malware Campaign via Counterfeit Flash Updates
Fake Adobe Flash updates have become the newest hit among computer criminals. Computer users have come across web sites showcasing fake Adobe Flash alerts, notifying them that an urgent update to the popular browser plugin is needed. Through a series of redirect links, a malware download is initiated which contains computer viruses.
Similar infections, carried out by the Rig Exploit Kit via the EiTest campaign, were noted yesterday. It seems that this case might be a variant of that incident. For the counterfeit Flash updates, the payload is downloaded from a Dropbox account after a redirection from the phishing site. The security experts have also identified two possible Qadars C&C servers.
Upon infection, the Sality virus is downloaded onto the target computer. This malware can read the Windows product ID and access information stored in the installed web browsers, such as history, cookies and saved passwords.
From the provided sample phishing site we can conclude that the attackers have imitated the appearance of the original Adobe download page. The only difference between the two is the address, which does not reside on Adobe's domain.
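Because the address is the only thing separating the copy from the real page, a filter has to compare the parsed hostname rather than search the URL text. The sketch below is an added example, not code from the report: the allowlist, the function names and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: adobe.com is the only official domain.
OFFICIAL_DOMAINS = ("adobe.com",)

def hostname(url):
    """Normalised host of a URL (no userinfo, port or trailing dot), or None."""
    try:
        host = urlsplit(url).hostname  # lowercased by the parser
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def classify(url):
    """Return 'official' or the reason the host is not on an official domain."""
    host = hostname(url)
    if host is None:
        return "no-host"
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain; a substring test would be wrong.
        if host == domain or host.endswith("." + domain):
            return "official"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "idn-lookalike"    # non-ASCII or punycode label
    if any(domain in host for domain in OFFICIAL_DOMAINS):
        return "name-embedded"    # official name inside another domain
    if "@" in urlsplit(url).netloc:
        return "userinfo-trick"   # text before '@' is not the host
    return "unrelated"

def first_offsite_hop(chain):
    """First URL in a redirect chain whose host is not official, else None."""
    for url in chain:
        if classify(url) != "official":
            return url
    return None

# Constructed redirect chain: lookalike landing page, redirector, file host.
SAMPLE_CHAIN = [
    "https://get.adobe.com.flash-update.example/flashplayer/",
    "https://redirect.example/r?id=1",
    "https://www.dropbox.com/s/CONSTRUCTED/flashplayer_update.exe",
]

if __name__ == "__main__":
    for hop in SAMPLE_CHAIN:
        print(classify(hop), hop)
```
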
The Adobe Flash Plugin Is a Good Option for Phishing
The choice of the Adobe Flash browser plugin is not a bad one. This web technology has been plagued by security issues, and web developers have started to replace most Flash content with HTML5. As some users still use Flash for various compatibility and development reasons, they rely on Adobe to provide them with the latest security and stability updates. These are the people who are most likely to be targeted by the malicious campaign.
The Google Chrome browser includes Adobe Flash in its installation package, and the developers have enabled auto-updating as the default setting. Users of this browser should never need to worry about manually updating Flash.
Adobe has incorporated an automatic updating option for Windows and Mac OS X users, which can be enabled during installation. The program will check with the official server for a newer software version. This is the recommended configuration for all desktop users.
Refer to the official Background Updates help article for more information.