Adobe: Beware of fake Flash downloads

Adobe: Beware of fake Flash downloads

Summary: Amidst confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware, Adobe has issued a call-to-arms for users to validate installers before downloading software updates.The company's notice comes on the heels of malware attacks on Facebook, MySpace and Twitter that attempt to trick Windows users into installing a Flash Player update that turns out to be a malicious executable.

SHARE:

Beware of fake Flash downloadsAmidst confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware, Adobe has issued a call-to-arms for users to validate installers before downloading software updates.

The company's notice comes on the heels of malware attacks on Facebook, MySpace and Twitter that attempt to trick Windows users into installing a Flash Player update that turns out to be a malicious executable.

Some golden advice from Adobe's advisory:

First off, do not download Flash Player from a site other than adobe.com --  you can find the link for downloading Flash Player here. This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc.) – if you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.

Second, all Adobe software for Windows is signed with a digital certificate that is validated by Windows when you install our software. The Publisher will always be 'Adobe Systems, Incorporated', and you can verify this when you double-click the installer, or by right-clicking on the installer, selecting 'Properties', and going to the 'Digital Signatures' tab.

For Flash Player in particular, computer users can use this page to verify what version of Flash Player is installed, and what the current version of Flash Player is for your operating system. The most recent version of Flash Player version is 9.0.124.0.

Adobe Flash is arguably the most widely deployed software in the world.

Topics: Windows, CXO, Enterprise Software, Operating Systems, Security, Software, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

27 comments
Log in or register to join the discussion
  • Judicious editing

    "First off, do not download Flash Player from a site other than adobe.com"

    Close, but let's try this instead:

    "First off, do not download Flash Player."

    Ah, much better.
    CharlieSpencer
    • Next, leave computer turned off

      Flash is used to deliver a lot of the content webizens want.

      Why not try to offer useful advice?
      waecaidr@...
      • "Flash is used to deliver a lot of the content webizens want. "

        True. Porn IS the driving force of the web.
        bmerc
    • You forgot...

      First, do not try to think. Thinking for yourself, is very, very dangerous.
      DonRupertBitByte
    • RE: Judicious Editing

      I tend to agree!

      I wish Adobe would explain why Adobe Reader 9 requires 200+ MB on a hard drive, for merely a PDF reader???


      Talk about Windoze bloat????
      fatman65535
    • Do Not Download Flash Player??

      If you do not download and install it, how then can you see/use content of a website that is built with flash, and requires that you have flash player installed on your system?

      Web development is advancing a hell of a lot and Fortunately or Unfortunately Flash is being used more and more to develop them.

      You should give some thought about this matter, as it is not just ads or additional content of a site that uses flash, some builders create their sites ENTIRELY on flash.

      Menus, Site Navigation, even scrolling text (used for information) in some sites uses flash.

      So can you advise users as to how to view THESE sites without flash player? And please don't say "don't go to these sites"
      KeithAu001
      • Use Adobe to update

        No one is saying do not use Flashplayer. It is an attractive target for malware. Do not knee jerk respond to any request to update. Do so yourself now and ignore any such requests. So check out your version and update from Adobe website with link(s) provided.
        sjbinaz
  • RE: Adobe: Beware of fake Flash downloads

    Those fake malware infested downloads have been in various newsgroups for a while.

    They even posted a Flash Player 10.0 [and a Windows Live Messenger 9.0].
    Gis Bun
    • Flash Player 10.0

      Flash Player 10.0 Beta is available from Adobe.
      Greenknight_z
      • Beta 10

        I've used the beta 10 for quite some while, and although most sites interact with it just fine, some do not. In fact, I believe zdnet has a problem with it. I reinstalled the last so-called "stable" version for better compatibility.
        Ross Snowden
      • Flash Player 10 ?????

        I just went to the Adobe Site and looked for flash player, 9.0.124.0 is the latest version on offer from that site so it may be better if you tell people that it is from http://labs.adobe.com/technologies/flashplayer10/ (The Adobe Labs Site) and not http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash the Adobe.com site.
        KeithAu001
  • Gee, they say that as though your average...

    ...facebook, twitter, or myspace user reads technical blogs an would know better.

    I really don't understand how non-IT users survive the Internet.
    JohnMcGrew@...
  • RE: Adobe: Beware of fake Flash downloads

    They have technical relatives they can go to when they down load this crap. I have had to fix two in the past week.
    tsudhonimh
  • RE: Adobe: Beware of fake Flash downloads

    Hmmm, mine says:

    You have version 10,0,0,525 installed
    Ross Snowden
    • Same Problem

      Mine said the same. I used their link to download and install the latest official version.

      Did that take care of it, or do I need to do additional cleanup?
      duane@...
    • Then you gotta problem!...

      I would seriously uninstall it and do some serious AV/AS scanning.

      You might even download Senunia PSI and see what if anything it reports on that file. Secunia is what I use to find out what is insecure and in need of a patch/removal.
      JCitizen
      • Nevermind I see there is a new one..

        apparently.

        http://labs.adobe.com/technologies/flashplayer10/

        I have found out that it pays to wait at least a week to make sure the new version doesn't have any vulnerabilities in it as well! Sometimes they are worse off than before!
        JCitizen
    • Beta Build

      [i]"Hmmm, mine says:

      You have version 10,0,0,525 installed"[/i]

      Last time I checked, that was the build number of the current Flash 10 Beta. Where'd you get it from?
      Greenknight_z
  • RE: Adobe: Beware of fake Flash downloads

    Would you like to present some examples ?
    .
    ?
    Dusterman
  • What about the Adobe auto-updater??

    You know, the one that runs out when you get a network connection and checks if there's a newer version. How are we to know that has not been "gamed"? Are we only safe when we initiate the download directly ourselves, by visiting the adobe site and verifying checksums? That pretty much throws all these auto-update and auto-patch tools by the wayside. So much for manageability.
    Techboy_z