Tuesday, August 05, 2008

Adobe urges users to validate Software Update Installers

The Adobe Product Security Incident Response Team (PSIRT) posted a Verifying Installers entry on August 4, 2008 (in italics below). They added this notice following the news that malware links are being included in the comments sections of such Web 2.0 sites as MySpace and Facebook. Hackers are attempting to trick Windows users into installing a Flash Player update that turns out to be a malicious program. To read more about these worms, see Web worms squirm through Facebook, MySpace.

Adobe makes a number of good points below, that we've bolded. Even if you don't use sites like MySpace, Facebook or Twitter, you should be very cautious of links or pop-ups that want you to download and install software. If in doubt, just say NO. You should also be aware that you can verify valid software by checking its digital certificate.

"We have seen coverage from the security community of a worm on popular social networking sites that is using social engineering lures to get users to install a piece of malware. According to the reports, the worm posts comments on these sites that include links to a fake site. If the link is followed, users are told they need to update their Flash Player. The installer, posted on a malicious site, of course installs malware instead of Flash Player.

We’d like to take this opportunity to reiterate the importance of validating installers and updates before installing them. First off, do not download Flash Player from a site other than adobe.com – you can find the link for downloading Flash Player
here. This goes for any piece of software (Reader, Windows Media Player, Quicktime, etc.) – if you get a notice to update, it’s not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.

Second, all Adobe software for Windows is signed with a digital certificate that is validated by Windows when you install our software. The Publisher will always be ‘Adobe Systems, Incorporated’, and you can verify this when you double-click the installer, or by right-clicking on the installer, selecting ‘Properties’, and going to the ‘Digital Signatures’ tab.

For Flash Player in particular, you can always go to
this page to verify what version of Flash Player you have installed, and what the current version of Flash Player is for your Operating System. The current Flash Player version is"

No comments: