ITS Homepage Click here for text version of ITS homepage
Contact UAlbany Directories Calendars & Schedules Visitors Site Index Search
Admissions Academics Research IT Services Libraries Athletics
alerts_tag
Adobe warns of false Flash Player Installer attack


ALARM Group ALERT - click for a description of ALARM, The Computing Alert System


Alert Number: 080708-01
Alert Date: 08/07/08
Alert Title: Adobe warns of false Flash Player Installer attack
Update-to: None.

OS/Platform/Application:

Adobe Flash Player

Category: ALERT
Severity: HIGH
Attention: Adobe Flash users, Technology Coordinators, System Administrators, Desktop Support Personnel.

Summary: The Adobe Product Security Response Team (PSIRT) has recently published a blog entry which details a social engineering attack that can install malware on a user's computer.  The essence of the attack is as follows: a link to a website is published on a popular site (e.g., a social networking site).  If visitors click on the link they are redirected to a site which appears to need an updated version of Flash Player in order to be viewed properly.  The link provides what appears to be an installer for the Flash needed update.  The installer does not install an updated version of Flash but instead installs malware on the victim's computer.  According to some Internet Security resources, the "installer" begins automatically when the victim browses to the site given in the weblink.

Recommended Actions:  Several Internet Security resources are reporting that weblinks to sites hosting this attack have been detected within posts on Twitter, a popular Social Networking/Microblogging site.  It is important to recognize that an attack such as this can be hosted from virtually any site or source since a weblink is all that would be required to set the attack in motion.

In addition to providing details of the attack, the Adobe PSIRT blog entry makes several recommendations on how to minimize a user's risk of unknowingly downloading malware disguised as software updates such as verifying that they are running the most up-to-date version of Flash and also installing Flash Player updates directly from Adobe systems.  Adobe Flash users are encouraged to read and follow the recommendations detailed in the PSIRT blog entry at their earliest convenience.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Adobe PSIRT Blog Entry:
http://blogs.adobe.com/psirt/2008/08/verifying_installers.html
 

BLANKABCDEFGHIJKLMBLANK
BLANKNOPQRSTUVWXYZBLANK
CHOOSE FROM the ITS Site Index

GO TO an ITS Group

Information Technology Services
University at Albany, SUNY
1400 Washington Avenue
Albany, NY 12222
ITS Service Centers:  518-442-4000
  		University at Albany Home Page
Contact UAlbany | Directories | Calendars | Visitors | Site Index | Search
Admissions | Academics | Research | IT Services | Libraries | Athletics
Internet Privacy Policy              IT Policies