Almost bitten by a fake Adobe Flash update?

Almost bitten by a fake Adobe Flash update. This came through a link from Facebook about a guy who made an underground bunker hidden by a shed outdoors. I decided to check it out at a website called Answers dot com, and about the 3rd page in I was given what looked like an authentic Flash update, which wasn't totally unexpected. So I clicked to save the file and BAM, AVG Antivirus detected it as BAD BAD BAD... I then looked up and saw the URL was NOT ADOBE!

Screenshot of it attached. Be careful with Flash updates that look to be real but are FAKE!!!

Also I am surprised that whoever set up this bogus Adobe spoof site with malware set up encryption to get the green lock but didn't try to hide the URL better by spoofing it in some way, as is seen in the 2nd screenshot, where I go to the website directly and get a blank page. It's only when following a specific path that you are given the bad webpage with the download trigger.

Thanks for the warning. I thought that sort of thing was past. But it is still going on. Maybe Adobe should change the update message with a way to verify the message. If that is possible.

If they had a protected update method that would be COOL. Similar to how Microsoft Updates work; as far as I know, no one has been able to spoof that yet to force malware onto systems through a Patch Tuesday etc.

Surprisingly, even video games out there that require frequent updates are somehow able to WARD off rampant virus distributions too, where they have updates over a customer-base torrent etc., such as World of Warcraft, where anyone could be a seed for an update for another to download, and they are able to keep this clean through checksums, I am guessing.

Here is the click bait that grabbed my attention at Facebook which led to the attempted infection:



What's more disgusting is the site is verified by Comodo...

I thought they were in the security business...

Quote from: DaveLembke on June 06, 2016, 11:51:14 AM

and about the 3rd page in I was given what looked like an authentic Flash update, which wasn't totally unexpected.

Seems unexpected to me. I've only ever seen that particular page setup when explicitly visiting Adobe. I've certainly never seen it show up arbitrarily while browsing. Most sites which for whatever reason need Flash Player will provide a download link, which makes it easy for me to go back and never visit that site again.
Quote
What's more disgusting is the site is verified by Comodo...

I thought they were in the security business...

I too thought that; however, I'm not sure if they constantly monitor after approval to make sure a site doesn't go rogue. Oddly, this website's home page is blank and the only form of entry to a hit of a page is through the deep, dynamic-name-looking path. I haven't attempted to crawl their site to test for other points of entry to other hidden paths/pages, mainly because it's a waste of time and I don't WANT to find any hidden payloads at them.

Awww...c'mon...where's your sense of adventure gone to?

Authentication certificates are primarily used to allow SSL and encrypted connections that prevent Man-in-the-middle attacks; they aren't a declaration by the certificate authority that the site itself is legitimate, just that you can connect to it securely without being "overheard".

Got it...thanx.
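
The point made in this thread, that the green lock only authenticates the connection and the address bar showed a host that was not Adobe, can be turned into a check on the download URL itself. This is an added example, not code from any poster; the allowlist entry `adobe.com` and the sample URLs (on the reserved `.example` domain) are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the vendor really serves installers from.
VENDOR_DOMAINS = {"adobe.com"}

def check_download_url(url, vendor_domains=VENDOR_DOMAINS):
    """Return (ok, reason) for a URL that claims to serve a vendor update."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None or parts.password is not None:
        # https://adobe.com@host/ connects to host, not to adobe.com
        return False, "userinfo in URL hides the real host"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host, possible lookalike"
    for domain in vendor_domains:
        # Match the domain itself or a true subdomain; a bare suffix match
        # would also accept notadobe.com.
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host " + host + " is not a vendor domain"

# Constructed sample URLs; every one of them could show a valid padlock.
SAMPLES = [
    "https://get.adobe.com/flashplayer/",
    "https://adobe.com.flash-update.example/install.exe",
    "https://adobe.com@updates.example/flash.exe",
    "https://notadobe.com/flash.exe",
    "https://xn--adbe-6qa.example/flash.exe",
    "http://get.adobe.com/flashplayer/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_download_url(url)
        print(("ALLOW" if ok else "BLOCK").ljust(6), url, "->", reason)
```

A valid certificate is a precondition here (the scheme check), never the verdict; the verdict comes from whose host is serving the file.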

