Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often a target of cybercriminals. Cybercriminals are using social engineering methods to distribute their malware through fake Flash update sites, often compelling unsuspecting users, who may be in need of a software update, to unknowingly install malware.

Recently, we came across the following site masquerading as an Adobe Flash Player update page:

The attacker has created what appears to be a rather convincing landing page; however, there are a few inconsistencies. Most of the links resolve back to the attacking domain, and all of the links within the page (besides the link to the malware itself) resolve back to the root directory of the site, resulting in a 404 error.

The attacker’s main goal is to make sure that a successful installation occurs, and presents two options to the user for maximum return. Option 1 is a pop-up message that requests the user to download a file named flash_player_updater.exe. Option 2 is the “Download Now” button that requests the user to download a file named update_flash_player.exe. Symantec currently detects both of these files as Downloader.Ponik.

During our analysis we found that, in addition to stealing passwords, these files appear to be looking for FTP/telnet/SSH credentials for all of the popular clients currently in use. They also monitor for SMTP, IMAP, and POP3 credentials.

Although these files are the same, they exhibit different behaviors.

Figure 2. Option 1 installs ransomware, while Option 2 installs an ad-clicking component, both for illegal revenue generation.

The flash_player_updater.exe file opens a POST request on port 8080 to the following URL:

The Trojan then receives commands to download files from the following locations:

All three files are identical and are used by the attacker to enhance the resilience of the threat by providing further locations for the threat to contact should any one particular site be inaccessible for any reason.

Once these files are executed on the computer, a new variant of appears on the compromised computer.

Next, the Trojan connects to the following command-and-control (C&C) server in order to download an encrypted file onto the compromised computer before the computer is locked:

Figure 4.

Figure 5. Ransomlock screen displayed after several minutes
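The behaviours reported in this post (an executable named like a Flash updater fetched from a site that is not Adobe's, that executable issuing a POST on port 8080, and the same payload being served from several fallback locations) can each be turned into a host-based detection. The script below is an added example written for this page; it is not Symantec's code and not part of the original post. It assumes a hypothetical endpoint sensor that emits JSON log lines with the fields shown, and the sample log lines, host names and hash are constructed for the example.

```python
"""Detection sketch for the fake Flash updater behaviour described in the post.

Assumed (not from the post): an endpoint sensor emits one JSON object per line.
  network events:        event, process, dest_host, dest_port, method, path
  file_download events:  event, process, file_name, source_host, sha256 (optional)
The log lines, hosts and hash below are constructed sample data.
"""
import json
import re
from collections import defaultdict

# File names the post reports for the two droppers, plus a loose pattern for
# look-alike names (the pattern is an assumption for this example).
KNOWN_DROPPER_NAMES = {"flash_player_updater.exe", "update_flash_player.exe"}
LOOKALIKE_RE = re.compile(r"(flash|adobe).*(player|updat|install).*\.exe$", re.I)

# Domains that may legitimately serve Flash updates (assumption for the example).
LEGIT_ADOBE_HOSTS = ("adobe.com", "macromedia.com")


def is_adobe_host(host):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in LEGIT_ADOBE_HOSTS)


def looks_like_flash_updater(name):
    name = name.lower()
    return name in KNOWN_DROPPER_NAMES or bool(LOOKALIKE_RE.search(name))


def analyse(log_lines):
    """Return a list of (severity, reason) alerts for the supplied log lines."""
    alerts = []
    payload_hosts = defaultdict(set)  # (process, sha256) -> hosts it was fetched from
    for line in log_lines:
        ev = json.loads(line)
        if ev["event"] == "file_download":
            name, src = ev["file_name"], ev["source_host"]
            # A Flash-updater-looking executable served by a non-Adobe host.
            if looks_like_flash_updater(name) and not is_adobe_host(src):
                alerts.append(("medium", f"{name} fetched from non-Adobe host {src}"))
            if ev.get("sha256"):
                payload_hosts[(ev["process"], ev["sha256"])].add(src)
        elif ev["event"] == "network":
            proc, host, port = ev["process"], ev["dest_host"], ev["dest_port"]
            if not looks_like_flash_updater(proc):
                continue
            # The post reports flash_player_updater.exe issuing a POST on port 8080.
            if ev["method"] == "POST" and port == 8080:
                alerts.append(("high", f"{proc} POST to {host}:{port}{ev['path']}"))
            elif not is_adobe_host(host):
                alerts.append(("medium", f"{proc} contacted non-Adobe host {host}:{port}"))
    # The post notes three identical files at different locations for resilience:
    # one process pulling byte-identical content from several hosts is worth a flag.
    for (proc, digest), hosts in payload_hosts.items():
        if len(hosts) >= 2:
            alerts.append(("medium",
                           f"{proc} fetched identical payload {digest[:12]} from {len(hosts)} hosts"))
    return alerts


# Constructed sample log lines (not captured data).
SAMPLE_LOG = [
    '{"event": "file_download", "process": "chrome.exe", "file_name": "flash_player_updater.exe", "source_host": "fake-update.example.test"}',
    '{"event": "network", "process": "flash_player_updater.exe", "dest_host": "c2.example.test", "dest_port": 8080, "method": "POST", "path": "/"}',
    '{"event": "file_download", "process": "chrome.exe", "file_name": "report.pdf", "source_host": "files.example.test"}',
    '{"event": "network", "process": "chrome.exe", "dest_host": "www.adobe.com", "dest_port": 443, "method": "GET", "path": "/"}',
    '{"event": "network", "process": "update_flash_player.exe", "dest_host": "cdn.example.test", "dest_port": 80, "method": "GET", "path": "/a.bin"}',
    '{"event": "file_download", "process": "flash_player_updater.exe", "file_name": "a.bin", "source_host": "mirror1.example.test", "sha256": "deadbeefcafe0001"}',
    '{"event": "file_download", "process": "flash_player_updater.exe", "file_name": "a.bin", "source_host": "mirror2.example.test", "sha256": "deadbeefcafe0001"}',
    '{"event": "file_download", "process": "flash_player_updater.exe", "file_name": "a.bin", "source_host": "mirror3.example.test", "sha256": "deadbeefcafe0001"}',
]


def run_sample():
    return analyse(SAMPLE_LOG)


if __name__ == "__main__":
    for severity, reason in run_sample():
        print(f"[{severity}] {reason}")
```

Run as a script it prints four alerts for the sample: the updater fetched from a non-Adobe host, the POST on 8080, the second dropper talking to a non-Adobe host, and the identical payload pulled from three mirrors. The name-based checks are deliberately loose and will need tuning against a real environment; the POST-on-8080 and multi-mirror checks are the ones that track the post's reported behaviour most directly.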