The Register® — Biting the hand that feeds IT

Feeds

Fake flash player site used to spread malware

Shockwave horror

By John Leyden, 22nd June 2007
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Hackers have developed a new ruse that attempts to trick users into downloading malware from a fake Adobe Shockwave Player download site.

Prospective marks who stray onto lure sites - such as a game site related to RuneScape - are presented with broken icons in an attempt to convince them that their copy of Shockwave (if already installed) isn't working properly.

Links from the site all point to another site which "diagnoses the problem" as caused by a need to upgrade Macromedia Flash Player. The user is redirected to a bogus site that poses as the Shockwave Player Download Center.

Of course, the payload is a Trojan package - rather than the popular Flash package. The site features JavaScript that disables a user's right mouse click, the SANS Institute's Internet Storm Centre adds.

By using social engineering instead of exploiting prevalent vulnerabilities - such as the iFrame vulnerability in Internet Explorer - hackers are extending their range of potential targets.

Although its easy for the net-savvy to spot the fake site as a ringer (for one thing a fake URL is visible in the address bar) the tactic is still capable of tripping up the unwary. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (13)
Latest Comments
Pascal Monett

Guess what, Steve

Make a few thousand syringes with the label you cite and fill them plain old water. I think we'll all be surprised at the number of numbskulls who go ahead and actually inject their eyes.

0
0
Rick Stockton

REAL flash player site distributes malware

I downloaded some software like this, from a site called "adobe.com".

Now my PC keeps infecting itself with advertisements, they're so LOUD and JUMPY that I sometimes suffer convulsive attacks. (Wear sunglasses!) And most of the web sites suddenly start using weird menus they don't work and I can't figure them out.) And my dial-up connection acts like I've fallen from 56KB back to 300 baud.... maybe even 110.

Bad Malware.

0
0
Anonymous Coward
Anonymous Coward

This article.

Well, not all ISPs are going to be so kind as to offer such powerful blocking services, if you want those, some ISPs want you to pay more money to them just for that extra amount of coverage.

I think they have their reasons for doing this, so long as corporate politics dominates the industry scene, we have not been able to see any major breakthrough in the fight on malware.

0
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
124
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
57
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13