
How can I tell legit upgrade from Trojan?

Guest
Apr 15, 2012

There's a lot of press in the PC world about how Macs are now enduring a malware attack. It's called the Flashback Trojan, and it apparently masquerades as an application to upgrade the Flash player. The information I have found on the web tells how to detect if you have it (I don't) and reassures us that Apple has now fixed the problem.

What I have not been able to find is what the infection procedure looks like; more specifically, how can I tell the difference between malware and a legitimate Adobe upgrade?

In particular, when an alert box pops up that says...

"Install Adobe Flash Player.app" is an application downloaded from the internet. Are you sure you want to open it?

How can I be sure that the product came from Adobe?

--Gil


Correct answer

Adobe Employee
Apr 20, 2012

The latest Flashback trojan actually was Java related.  However, you can always make sure you get the official version of Flash by going to get.adobe.com/flashplayer

Guest
Apr 20, 2012

Oh.  Java.  Flashback is about Java, not Flash Player.  How silly of me.  Sorry.

Thank you for clearing that up, Chris.

--Gil

Adobe Employee
Apr 20, 2012

I believe the initial version of Flashback (back in October 11 I think) was a rogue installer that was masquerading as a Flash Player installer.  Another reason to make sure you download from adobe.com

Guest
Apr 21, 2012

I guess the problem I was addressing occurs at the time one sees this alert:

"Install Adobe Flash Player.app" is an application downloaded from the internet. Are you sure you want to open it?

Regardless of where you or I *think* the application may have come from, is there any way to double-check that the app on which you just double-clicked is not the imposter?

How are the legit installer and the malware different?  Is there, perhaps some small difference in their icons, or does one of them have something spelled differently?  You know -- the stuff they pass around about counterfeit twenties -- How is it different?

All the web descriptions of the October Flashback say that it "masquerades" as a Flash Player installer, but they do not give details. Just how good is this "masquerade"? What does the counterfeit installer do, or look like, that's different from the McCoy? Does it engender the same alert box, or is it slightly different in any way? I would like to have a way to double-check before I agree to open it.

--Gil


Adobe Employee
May 02, 2012

Hi Gil,

I believe that this process will get easier in upcoming OS X releases, but in the meantime you should be able to verify that a Flash Player installer is from Adobe by using the digital signature embedded within the binary.  You can do this via the command line in a terminal session.  First, mount the installer .dmg and in a terminal window, type:

codesign -v -d -v /Volumes/Flash\ Player/Install\ Adobe\ Flash\ Player.app/

You'll get info back, and in particular you should see an Authority entry listing out Adobe Systems Incorporated.

Chris
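
The check described in the reply above, written out as a script (an added example, not part of the original thread and not Adobe's code). With -d, codesign only displays the signing information, so the script first runs a separate codesign --verify pass and then compares the first Authority entry with the signer name quoted in the reply. The function names and the three sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample outputs below are constructed.
EXPECTED='Adobe Systems Incorporated'   # signer name quoted in the reply above

# Print the first (leaf) Authority entry from `codesign -d -vv` text on stdin.
leaf_authority() {
    sed -n '/^Authority=/{s///p;q;}'
}

# Return 0 only when the leaf Authority is exactly the expected signer ($1).
# The Identifier line and the bundle name are chosen by whoever built the app,
# so they are deliberately ignored.
signed_by() {
    leaf=$(leaf_authority)
    if [ -z "$leaf" ]; then
        echo "reject: no Authority entry (unsigned or ad-hoc signed)" >&2
        return 1
    fi
    if [ "$leaf" != "$1" ]; then
        echo "reject: signed by '$leaf', expected '$1'" >&2
        return 1
    fi
}

# On a Mac: validate the signature seal, then compare the signer.
# codesign prints its -d report on stderr, hence 2>&1.
check_app() {
    codesign --verify --verbose=2 "$1" || return 1
    codesign -d -vv "$1" 2>&1 | signed_by "$EXPECTED"
}

# Constructed samples of `codesign -d -vv` output (not captured from real apps).
GENUINE='Identifier=com.adobe.example.installer
Authority=Adobe Systems Incorporated
Authority=Example Intermediate CA
Authority=Example Root CA'
LOOKALIKE='Identifier=com.adobe.example.installer
Authority=Example Developer
Authority=Example Root CA'
UNSIGNED='Install Adobe Flash Player.app: code object is not signed at all'

if [ -n "$1" ]; then
    if check_app "$1"; then echo "accept: $1"; fi
else
    for s in "$GENUINE" "$LOOKALIKE" "$UNSIGNED"; do
        if printf '%s\n' "$s" | signed_by "$EXPECTED"; then echo accept; fi
    done
fi
```

Run it on a Mac with the path to the mounted installer app as its argument; with no argument it only walks through the constructed samples.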

Guest
May 02, 2012

Well, thanks, Chris.  That is indeed a helpful reply.  I'll give it a try.

--Gil
