Software Impersonation

At ZDNet, Ryan Naraine of security firm Kaspersky Lab advises double-checking the links you click in Twitter or weblogs: “A Twitter profile has started lending links with lures to a pornographic video of Brazilian pop star Kelly Key… If you click on the link, you get a window that shows the progress of an automatic download of a so-called new version of Adobe Flash which is supposedly required to watch the video. You end up with a file labeled Adobe Flash (it’s a fake) on your machine. In reality, this is a Trojan downloader that proceeds to download 10 bankers [password-theft malware] onto the infected machine, all of which are disguised as MP3 files.”

Bottom line: Clicking on links in social media is like not washing your hands after being out in public — you just can’t know what you will pick up.

The part that worries me the most is the “says it’s Adobe Flash” part. We’ve seen such impersonation before with files (“Naked Wife”, e.g.). But to actually impersonate a very well-known runtime? I’m not sure how that will play out. Some people will fall for it, and I feel for them, but most would see through it. Still, some real people will be hurt.

David Lenoe, from Adobe’s Security Team, had a blog post up about it today. I don’t think that the people who need that reminder would ever see it though. I’m still concerned.

Adobe is not directly involved, but the infection relies upon using the existing goodwill towards the overall Adobe Flash ecology… without all those sites which made Flash a standard, this social exploitation would not work. (And Ryan’s article doesn’t clearly state whether the link is to an .HTM, .EXE, or other file, so it’s unclear to me yet whether URL-shortening services are currently enabling the exploit.)

A bigger bottom line: Someone out there in the world is going to get their bank accounts stolen because they saw a dialog that said “Adobe Flash” and they said “Okay”. I don’t feel right about that.

Do you have thoughts, advice, observations on this? I’m seeking different ways to look at this problem, different approaches we might take. Open to anything, thanks in advance.

3 Responses to Software Impersonation

  1. mattjpoole says:

    This really sux, though in some ways I suppose it highlights the success of the Flash platform. Hackers realise how ubiquitous & trusted Flash has become and will exploit it.
    Basically speaking the bigger you become, the bigger target you are.

  2. I think the only protection people can get online is their own brain. Malware will always try to mask itself as something else and I think the only reason people will have their bank information stolen is because they don’t think before clicking links. It’s the same with phishing emails: you are safe unless you click the links. So I think it’s mostly the user to blame for not thinking before acting.

  3. mtaylor says:

    At the moment every browser plugin has a different proprietary install procedure: Java, Adobe Reader, Flash (which has several depending on platform and browser). This can make it difficult for an end user to keep track of what is considered suspicious behaviour and isn’t legit software. I hope these security threats will drive adoption of some consistency of install procedure for browser plugins.