Scam / Fraud / Hoax AlertsSource: F-Secure
Complete item: http://www.f-secure.com/weblog/archives/00001682.html
Description:
One
of our Web Security Analysts came across a website (118,000 ranking in Alexa)
that drives users into installing a fake Adobe Flash Player file. The site
prompts a message requesting the user download "a new version of Adobe Flash
Player" in order to view a video on the site.
Looks pretty authentic,
right? It even offers to download an "install_flash_player.exe" file for you.
The analyst was using a Linux system though, so this seemed slightly
odd. Turns out the site is a (pretty good) fake. Unless a visitor takes a
hard look at the address bar, it's pretty easy to be fooled. The
downloaded installer also looks like the original Adobe Flash Player installer,
though the checksum and digital signatures point out the
difference.
nstall_flash_player.exe version 10.0.22.87
md5:
51F26C0051E97A91145971FE5BC632FF
malware_install_flash_player.exe
md5:
71AD0C4A4168AA98BB20E3561E505CC7
Based on a reverse domain lookup on the
malware link, the fake site is hosted in Bulgaria.
E-Secure-IT
https://www.e-secure-it.com
