Thursday, May 23, 2013

Fake software updates

We must all be aware that a very popular and effective tactic currently used to spread malware is the offering of fake updates to popular programs needed to view or play common web content. Examples include the Adobe Flash Player and various video players or web browser plug-ins. Suspicious or malicious web sites (sometimes not recognized as such) may offer desirable content and then prompt the user to install updated viewer / player software. Sometimes legitimate web sites get infiltrated and have their pages altered with links that trick the user into accepting malware. Such offered updates may be fake, designed only to install malware.

Last year one of my family members tried to view a Star Trek video clip on a web site, which advised that an updated video player was needed. Upon downloading the supposed player update, a pop-up box advised that Antivirus 2010 had detected virus infections on the PC and that an update was needed to remove them. The update would require a credit card payment to proceed. Fortunately my family member went no further. I was able to remove the bogus Antivirus 2010 that was the actual malware.

This morning's roundtable discussion with my friends mentioned a Flash Player Pro update obtained from a web site that carried malware to the user's computer. A quick search on Google reveals that many instances of fake Flash Player programs or updates are lurking on the web.

If you believe that you need a particular viewer update, it is best to visit the original publishers' web sites rather than trust links on some content provider's web site. Some examples include:
  • http://java.com/en/ -- click on Free Java Download
  • http://www.adobe.com/ -- click on Download and choose Adobe Reader
  • http://www.adobe.com/ -- click on Download and choose Adobe Flash Player
  • http://www.microsoft.com/en-us/default.aspx -- go to the Download section
Note that Java and Flash are very popular current targets for malware distributors.
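
For readers who want to check an "update" link before clicking, here is a small added example (not part of the original post) that tests whether a link's actual host belongs to one of the publishers listed above. The function names and the sample links are constructed for illustration; the fake hosts use the reserved .example domain.

```python
from urllib.parse import urlsplit

# Publisher domains taken from the list above.
PUBLISHER_DOMAINS = {"java.com", "adobe.com", "microsoft.com"}


def is_publisher_url(url, allowed=PUBLISHER_DOMAINS):
    """True only if the link's real host is an allowed domain or a subdomain of one."""
    # Browsers treat "\" like "/" in web URLs; refuse rather than guess.
    if "\\" in url:
        return False
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.rstrip(".").lower()
    # Match on a full label boundary: "get-adobe.com" and
    # "adobe.com.flash-update.example" must not pass as adobe.com.
    return any(host == d or host.endswith("." + d) for d in allowed)


def check_links(urls):
    """Return (url, verdict) pairs for a list of links."""
    return [(u, "publisher" if is_publisher_url(u) else "NOT publisher")
            for u in urls]


# Constructed sample links: two genuine, four look-alikes.
SAMPLE_LINKS = [
    "http://www.adobe.com/",
    "http://java.com/en/",
    "http://adobe.com.flash-update.example/install.exe",
    "http://www.adobe.com@flash-update.example/install.exe",
    "http://get-adobe.com/flashplayer",
    "http://flash-update.example/www.adobe.com/download",
]

if __name__ == "__main__":
    for url, verdict in check_links(SAMPLE_LINKS):
        print(f"{verdict:14} {url}")
```

A "publisher" verdict only says where the link points; it does not prove the site itself is uncompromised, so typing the publisher's address directly remains the safer habit.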

Installed anti-virus programs may not catch the malware that an unsuspecting user downloads from a web site. Some reasons for this failure are:
  • Anti-virus programs rely mainly on profiles or signatures of discovered malware. Newly-developed malware may not be detected using current profiles.
  • Anti-virus profiles must be updated frequently. Delays in updating can leave vulnerabilities to certain malware.
  • Independent testing has not shown any antivirus program to be 100% effective.
  • Malware programs are becoming more effective at evading detection.

You may want to go to http://secunia.com/vulnerability_scanning/online/ and run the Online Scanner to check your PC(s) for outdated software that has security vulnerabilities. This runs a Java applet to perform the scan. 

Here are two web sites that can enhance your understanding of many facets of online security:

Take care!