Adobe warns about falsified Flash player updates
Adobe has issued a warning about a trojan disguised as a Flash player update that over the past seven days or so, has been using MySpace and FaceBook to propagate itself. Some sites or profiles on the social networking web site purportedly contain such comments as "Paris Hilton tosses dwarf on the street", "Examiners Caught Downloading Grades From The Internet", "Hello; You must see it!!! LOL. My friend catched you on hidden cam" and "Is it really celebrity? Funny Moments and many others", including links to forged YouTube sites. Visitors to the fake sites, are asked to install a Flash player update (codecsetup.exe), which is also not genuine. Kaspersky says that the contained malware, Koobface, seems to be a bot and contains additional profiles with comments and links. Adobe advises users to install updates for the Flash player only from the official site. In addition, users are advised to make sure that the installer's digital certificate is valid – file properties. Adobe signs its software for Windows as "Adobe Systems, Incorporated".
For some time now, criminals have used fake Flash player updates and downloads for video codecs to attempt to inject Trojans onto user systems. Mac users have also been subjected to such attacks. Apparently, the method works most frequently in connection with porn web sites.
- Verifying Installers, Adobe Product Security Incident Response Team (PSIRT) blog entry
- New worms target both MySpace and Facebook users, Kaspersky report