Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

If a web page asks you to update Adobe Flash Player

You don't want to do so from that web page. Instead you want to go to the Adobe web site directly (www.adobe.com) and get the update from there. Newer versions of Flash should prompt you to update when you reboot your system every time a new version related to a security fix is pushed out. But if you're truly behind on versions, don't trust a web site that's telling you that you're behind. Go to the Adobe site. Why?

Here's why:


Both of these write-ups have something in common: the malicious code is delivered to you in the form of a prompt to update Adobe Flash Player. The prompt is fake, but it works because it relies on your trust. After all:

  • Adobe Flash Player is used heavily (YouTube, anyone?)
  • Adobe Flash Player gets updated fairly frequently
  • The interface used to prompt you to update in the first case looks like what Adobe has crafted in a legitimate update scenario.
  • The graphic used in the prompt in the second case looks like an Adobe image.

So given that updating Adobe Flash Player isn't an usual thing and that there are similarities with these fake updates and the real ones, folks trust the fake updates and end up getting infected. In the first case, it's impossible to tell that this prompt didn't come from a legitimate need to update Adobe Flash Player if all you do is look at the prompt. Therefore, the only safe thing to do is to close out the web browser entirely, restart it, go to the Adobe site, and check to see if you need to update Adobe Flash Player there.


Comments

No comments.

Leave a Comment

Please register or log in to leave a comment.