We’ve probably all seen it. You go to a web page, and it tells you that you need to update your flash player in order to access the site, and gives you a handy link to download it.
Well, “the bad guys” saw those, too, and there has been a recent wave of fake “update” programs on scam sites, as well as “hacked” sites. Sometimes, it will even come in the form of an “important message” supposedly from your bank, credit card company, or other well-known business.
The bad guys know that many people will simply click the link, and ignore any security warnings that come up, since similar warnings would be expected from a real install program.
The problem is that these e-mails and web pages don’t really have any flash content to display. They exist for the sole purpose of getting you to click on their “get the update” link, which, of course, is really a trojan meant to infect your system.
So, how can you tell if you really need to update your flash player (or other browser plugin)?
First, if you do decide to click on the download link (which I recommend against, unless it is a website you know to be “good”), the link should take you to the Adobe website, and not directly download the installer. Anything that attempts to download it directly should be immediately suspect.
Next, when you do finally download the installer, your browser should give you the option to save or run the program, and will include the website the program came from. If it’s not adobe.com or macromedia.com, again it should be immediately suspect. While there may be mirror sites hosted elsewhere, I am not currently aware of any. All my downloads come from those domains.
Finally, when you do run the program, Windows should ask for confirmation. This dialog box should include a notice that the executable was “digitally signed” by “Adobe Systems Incorporated”. If this is missing, again be very suspect.
Or, you can avoid the whole thing by manually checking your browser plugins to see if they are up to date. You can visit the Mozilla Plugin Check page. Despite its name, and the fact that it’s hosted by Mozilla, it apparently works in all browsers. (I have tested it in Internet Explorer, Mozilla Firefox, and Safari. The web page says it also works in Opera and Chrome.) If you know that everything is up to date, then any e-mail or web page that claims otherwise is either (a) broken, or (b) a scam.