This ugly critter has raised its head once or twice in the past (June 2007, Sept 2008), but seems to be back and even more realistic than ever.
You are surfing along, and when you land on a site that contains any type of Flash movie (and some that don’t!), you get a popup box that says your Adobe Flash version is out of date and needs to be updated.
Since it appears real enough, and because most computer users know they have Adobe installed, many will click on it. Don’t. It is Malware.
Malware often uses many techniques to get itself onto a host, including fake warnings like this one that tell you to update something on your computer. This piece of malware masquerades as a Flash Player plugin for the Firefox browser (detected by Sophos as Troj/FFSpy-A, and by TrojanHunter as TrojanClicker.VB.395).
Take these steps to clear your machine, and remember, a daily complete virus scan by reliable scanning software can save you a lot of grief.
First, since this is a Firefox add-on, open Firefox –> Tools –> Add-ons.
You are looking for an addon that looks something like the one above. Remember it has undergone revisions over the years, so it might not appear exactly as shown. Uninstall this nasty little guy.
Next, the extension works in conjunction with a trojan executable. In the recent past it was smc.exe, though there are probably others by now. And if you are running SyGate as your firewall, smc.exe is a legitimate file! You will need an up-to-date virus and Trojan scan to remove the rest of the malicious software from your machine. TrojanHunter is not a bad tool to add to your arsenal. You can download a free 30-day trial at that link.
Author’s Note: Recently a few students have called to report my sites were infected. After 3 days of extreme review and re-installations of all the major files, I discovered it wasn’t me or my sites that were infected, it was the end users that were visiting. Please, take the steps above right now to clear your machine of any threat and let your surfing buddies know as well.
When in doubt, you should always visit the Adobe site for your downloads. In fact, this is true for ANY legitimate software or extension you have installed. Just like the fake emails from PayPal or your bank, don’t trust the direct link. Type it into the address bar or closely review the link you are about to click. It should not have any extra characters in the link (for example www.AdobeX.com).
To determine the exact version of the Flash Player you have installed on your computer, you can visit Adobe’s Version checker at http://www.adobe.com/software/flash/about/
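The link review described above can also be done mechanically. The following is an added example, not code from the original post: it checks whether a link's real hostname is adobe.com or one of its subdomains. The function name `classifyLink` and every sample link other than www.AdobeX.com and the version checker URL are constructed for illustration.

```javascript
// Added example: judge a download link by its real hostname, not by how it looks.
// TRUSTED_DOMAIN comes from the article; classifyLink is a hypothetical helper.
const TRUSTED_DOMAIN = "adobe.com";

function classifyLink(link, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    // Links written without a scheme (www.AdobeX.com) are treated as https.
    const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(link);
    url = new URL(hasScheme ? link : "https://" + link);
  } catch (e) {
    return { ok: false, host: null, reason: "not a parseable link" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, host: null, reason: "not a web link" };
  }
  // URL lowercases the host and separates any "user@" prefix from it, so
  // "www.adobe.com@other.example" resolves to the host actually contacted.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, host, reason: "non-ASCII look-alike characters in host" };
  }
  // Exact match or a true subdomain. A plain "ends with adobe.com" test
  // would wrongly accept hosts such as get-adobe.com.
  if (host === trusted || host.endsWith("." + trusted)) {
    return { ok: true, host, reason: "host is " + trusted + " or a subdomain" };
  }
  if (host.includes(trusted.split(".")[0])) {
    return { ok: false, host, reason: "brand name inside a different domain" };
  }
  return { ok: false, host, reason: "unrelated domain" };
}

// Constructed sample links, plus the two that appear in the article.
const SAMPLE_LINKS = [
  "http://www.adobe.com/software/flash/about/",
  "www.AdobeX.com",
  "https://adobe.com.update.example/install",
  "https://www.adobe.com@downloads.example/flash",
  "https://get-adobe.com/flashplayer",
];

for (const link of SAMPLE_LINKS) {
  const r = classifyLink(link);
  console.log((r.ok ? "OK     " : "REJECT ") + link + "  (" + r.reason + ")");
}
```

A passing check only confirms where the link points; it says nothing about whether the popup that showed the link is genuine, so typing the address yourself remains the safer habit.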