Gil Dawson

How can I tell legit upgrade from Trojan?

Apr 15, 2012 9:13 AM

Tags: #trojan #flashback

There's a lot of press in the PC world about how Macs are now enduring a malware attack. It's called the Flashback Trojan, and it apparently masquerades as an application to upgrade the Flash player. The information I have found on the web tells how to detect if you have it (I don't) and reassures us that Apple has now fixed the problem.

 

What I have not been able to find is what the infection procedure looks like; more specifically, how can I tell the difference between malware and a legitimate Adobe upgrade?

 

In particular, when an alert box pops up that says...

 

"Install Adobe Flash Player.app" is an application downloaded from the internet. Are you sure you want to open it?

 

How can I be sure that the product came from Adobe?

 

--Gil

 
Replies
  • Chris Campbell
    9,455 posts
    May 4, 2010
    Apr 20, 2012 5:12 PM   in reply to Gil Dawson

    The latest Flashback trojan actually was Java-related. However, you can always make sure you get the official version of Flash by going to get.adobe.com/flashplayer

     
  • Chris Campbell
    9,455 posts
    May 4, 2010
    Apr 20, 2012 5:57 PM   in reply to Gil Dawson

    I believe the initial version of Flashback (back in October 11 I think) was a rogue installer that was masquerading as a Flash Player installer.  Another reason to make sure you download from adobe.com

     
  • Chris Campbell
    9,455 posts
    May 4, 2010
    May 2, 2012 3:45 PM   in reply to Gil Dawson

    Hi Gil,

    I believe that this process will get easier in upcoming OS X releases, but in the meantime you should be able to verify that a Flash Player installer is from Adobe by using the digital signature embedded within the binary.  You can do this via the command line in a terminal session.  First, mount the installer .dmg and in a terminal window, type:

     

    codesign -v -d -v /Volumes/Flash\ Player/Install\ Adobe\ Flash\ Player.app/

     

    You'll get info back, and in particular you should see an Authority entry listing out Adobe Systems Incorporated.

     

    Chris
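An added example (not part of Chris's reply and not Adobe's tooling): a shell wrapper around the codesign check above that first runs `codesign --verify`, since `-d` only displays the signing information, and then compares the first Authority entry with the expected signer. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample outputs are constructed.

# Print the first Authority= value from `codesign -d -vv` output on stdin.
# codesign lists the chain leaf-first, so this is the signing certificate.
leaf_authority() {
    sed -n 's/^Authority=//p' | head -n 1
}

# Succeed only if the leaf Authority on stdin equals EXPECTED ($1) exactly.
# An exact match rejects look-alike names that merely contain the string.
authority_matches() {
    leaf=$(leaf_authority)
    [ -n "$leaf" ] || return 1      # unsigned code has no Authority lines
    [ "$leaf" = "$1" ]
}

# check_app APP EXPECTED (macOS only; hypothetical helper name).
check_app() {
    # -d only displays signing metadata; --verify checks the signature itself.
    codesign --verify "$1" || return 2
    # The -d report goes to stderr, hence 2>&1.
    codesign -d -vv "$1" 2>&1 | authority_matches "$2"
}

# Constructed `codesign -d -vv` output for a signed installer.
SAMPLE_SIGNED='Identifier=com.example.installer
Authority=Adobe Systems Incorporated
Authority=Example Intermediate CA
Authority=Example Root CA'

# Constructed output whose leaf name only resembles the expected signer.
SAMPLE_LOOKALIKE='Identifier=com.example.installer
Authority=Adobe Systems Incorporated Updates
Authority=Example Root CA'

# What codesign reports for code with no signature.
SAMPLE_UNSIGNED='Install Adobe Flash Player.app: code object is not signed at all'

# Usage on a Mac: sh check.sh "/Volumes/Flash Player/Install Adobe Flash Player.app" "Adobe Systems Incorporated"
if [ "$#" -eq 2 ]; then
    check_app "$1" "$2"
fi
```

An exit status of 0 means the signature verified and the leaf Authority matched; 2 means `codesign --verify` failed, and 1 means the signer name did not match or was absent.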

     