This morning I stumbled across what seems to be a new malware-spreading technique: A fake updates for Google Chrome and a fake 'media player' update that is designed to look like it's coming from Adobe. Both updates are digitally signed by valid VeriSign code signing certificates. This is not unprecedented, but it's highly unusual for malware authors to use an expensive provider like VeriSign. Are now part of Symantec. The fake Chrome update uses a logo similar to Chrome's, but obviously distinguishable from it. The page correctly identifies the version of Chrome I was running (the current version) and then says that it 'may be outdated'. The file is named Chrome_Security_Plugin_Setup.exe and is 1.74MB. The file information identifies it as 'Express Install' version '3, 7, 1, 0'. The publisher, also identified in the VeriSign code signing certificate, is 'TINY INSTALLER'. ![]() According to VirusTotal Friday morning,. Fortinet and ESET recognize it as W32/Kryptik. A Fortinet blog entry from earlier this year as being focused on stealing FTP information, and congratulated the author on the high quality of his code. I discovered the files by accident. Through a typo in the address bar I went to an address from which the browser was redirected a couple of times until it ended up on a page which loaded one of the two attacks described above. I have notified the Administrative contact for the domain, which appears to have been parked. The first time I encountered the files I got to the pages with no problem. Shortly thereafter, Google Safe Browsing API blocked access to them in Firefox and Chrome. Related Topics. By registering you become a member of the CBS Interactive family of sites and you have read and agree to the,. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services. You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. Adobe Flash Player enables you to play flash videos on web browsers like Chrome, Safari, Firefox, etc. And you need to make the Flash update frequently. Adobe Flash has caused many web plug-in vulnerability problems in the past, you have to update it from now and then. Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. You may unsubscribe from these newsletters at any time. ACCEPT & CLOSE.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2019
Categories |