4 Replies Latest reply on Nov 2, 2015 12:28 PM by m_vargas

    How to see if a Flash Player update proposal is not a fake one?

    daniel Azuelos Level 1

      I'm getting very regular update proposals of my installed Flash Player.

      Sometimes these update proposals are so frequent that I suspect some of them can't be serious ones..

       

      Everytime I see the same window without any information about the update this is

      proposing me:

      Screen Shot 2014-09-21 at 13.09.37.png

      I feel it is pretty too easy to make a fake window of this Flash Player update proposal window.

      To build a virus which will pretend to be a Flash Player update, a cybercriminal just need to make

      a copy of the always identical Flash Player update proposal window, and fire any sort of crapware download

      from there.

      I imagine the worldwide success of the Flash Player false updaters is coming from this much too

      easy window without any version or new information.

      Isn't there a potential target of 1.3 billion connected PC?


       

      How may I recognise if a Flash Player update proposal is an official one or any fake?

        • 1. Re: How to see if a Flash Player update proposal is not a fake one?
          pwillener Level 8

          You are right: it is nearly impossible to tell if such a pop-up is authentic or fake.

           

          To avoid falling for a fake update, download and install updates manually when they become available.

          • 2. Re: How to see if a Flash Player update proposal is not a fake one?
            BlueSkiesCreative

            FYI: If you supplied the genuine link here, I think your response would be perfect.

            • 3. Re: How to see if a Flash Player update proposal is not a fake one?
              pauladobe2

              pwillener

              I believe I have received just such a file as BlueSkiesCreative is concerned about. My Chrome flagged the file as potentially dangerous which has never happened with Flash Player downloads before. In addition, when I checked I was at the current level.

               

              Is there no one who's sufficiently interested to receive reports of these events, even the files and or source sites so that appropriate measures can be taken? While I recognize the validity of only downloading manually, Adobe Flash Player has a massive user base and the vast majority won't know that this is advisable and won't know how to go about doing so without directions. If your suggestion is such a good idea, why does Adobe Flash Player default to automatic update rather than notification that an update is available with a link to a page in the Adobe domain with directions on how to perform a manual download and why that's the best approach?????

               

              It appears that Adobe doesn't take these kind of questions directly as the Support section only offers the Forum, a few manuals, and FAQs as points for assistance, I downloaded the Administrator guide for Flash Player 19 and the Security section said NOTHING about this issue. If Adobe doesn't care if fraudulent files are downloaded in their name then they deserve even less trust from their users than they already have. The vast majority of providers, even the massive ones with global reach, have some mechanism to report fraud concerns or bug concerns for users and not just developers, if there are any. I'm shocked that Adobe doesn't have something along those lines.

               

              I'm turning off Auto Update in all of my browsers immediately until a more rational method of dealing with this issue is publicized.

               

              Thank you for your attention

              Paul

              • 4. Re: How to see if a Flash Player update proposal is not a fake one?
                m_vargas Adobe Employee

                The screenshot posted in the first post does look authentic. However, producers of fake Flash Player installers do go to great lengths to mimic the official Flash Player installer branding.

                 

                WRT "Is there no one who's sufficiently interested to receive reports of these events, even the files and or source sites so that appropriate measures can be taken?"

                 

                Yes, Adobe takes this very seriously and does actively pursue sites that host malicious Flash Player installers. Information on reporting sites hosting malicious installers is available here Notifying Adobe of Security Issues  I frequently forward malicious sites, reported by users here on the forums or that I find when searching for them, to our fraud department.  You can also private message me the complete URL to a malicious site.

                 

                --

                Maria