Malware Driven Google Chrome and Adobe Flash Updates Reportedly Making the Rounds
Malware writers are a tricky bunch, and if you're not suspicious of every little thing on the Internet, you could fall prey to one of their many tactics, like spoofing software updates. It's not really a new method, though apparently serving up fake updates for Google Chrome and a fake media player update that appears to come from Adobe are popular right now.
To make it look even more authentic, both updates are digitally signed by valid VeriSign code signing certificates, ZDNet reports. This isn't the first time malware writers have tapped VeriSign to appear legitimate, though it's not always the preferred method because it's expensive.
Sometimes there are telltale signs of malware. In this case, the Chrome logo in the fake update is slightly different from the real logo. As for the Adobe update, it doesn't actually say "Adobe" or contain the company's logo, it just uses an update GUI that looks very similar to the real thing. Installing it will serve up adware, whereas the spoofed Chrome update is identified as W32/Kryptik, which gathers details on the infected host's FTP servers.
"I have dedicated much of this write up on the ability of this malware to steal FTP info; I believe that this is what the malware was designed for," Zandro Iligan, senior antivirus analyst with FortiGuard Labs, explains in a blog post. "Few authors take the time to make their malware code as clean as possible. This specific malware is well thought out and very carefully coded."
ZDNet's Larry Seltzer said he stumbled upon both spoofed updates through a typo in the address bar.
To make it look even more authentic, both updates are digitally signed by valid VeriSign code signing certificates, ZDNet reports. This isn't the first time malware writers have tapped VeriSign to appear legitimate, though it's not always the preferred method because it's expensive.
Sometimes there are telltale signs of malware. In this case, the Chrome logo in the fake update is slightly different from the real logo. As for the Adobe update, it doesn't actually say "Adobe" or contain the company's logo, it just uses an update GUI that looks very similar to the real thing. Installing it will serve up adware, whereas the spoofed Chrome update is identified as W32/Kryptik, which gathers details on the infected host's FTP servers.
"I have dedicated much of this write up on the ability of this malware to steal FTP info; I believe that this is what the malware was designed for," Zandro Iligan, senior antivirus analyst with FortiGuard Labs, explains in a blog post. "Few authors take the time to make their malware code as clean as possible. This specific malware is well thought out and very carefully coded."
ZDNet's Larry Seltzer said he stumbled upon both spoofed updates through a typo in the address bar.
