I have used Flash Player since version 6, and I have never gotten any malware from Adobe downloads. This is still true for the latest Flash Player update 188.8.131.52.
Never download any Flash Player installers or updates from anywhere else than the Adobe.com or Macromedia.com websites!
If you got pushed to download infected software, then it was most likely issued by other malware. Sorry, I have no other explanation than this.
Ugh, sorry to hear that your machine got infected with malware.
Unfortunately, one of the problems with Flash Player's ubiquity is that malware authors often attempt to impersonate Flash Player download dialogs in an attempt to trick you into downloading and installing fake software. Adobe takes extraordinary measures to ensure that our signing keys are tightly controlled, and that the binaries issued from Adobe are legitimate and free from malware.
We highly recommend that users opt-in to automatic updates, and always download Flash Player directly from adobe by typing in the link: http://get.adobe.com/flashplayer.
If in doubt you're always welcome to download fresh copies of our installers, and check them against VirusTotal to confirm.
The update was exactly like the normal pop up message that spawns to the desktop when ever an Adobe update is pushed. This is why I clicked on it in the first place with out hesitation. There was not one indication of impersonation or foul play at all. Due to this, and the lack of a direct reporting path I will not use Adobe auto updates going forward. With every attempt made to connect or contact someone from Adobe, I was constantly turned away, or redirected (bounced) from one representative to another 6 times before I finally gave up in frustration. Your post (reply) is the closest thing to what I would consider a professional response to my concerns, to this point.
Charles Hedricks wrote:
There was not one indication of impersonation or foul play at all.
Unfortunately the malicious actors who create these malicious/fake Flash Player websites are very good at copying the Adobe and/or Flash Player brand/logo and sometimes it's very difficult to determine that it is a fake notification or site (a common one is Flash Player Pro..there is no such Adobe product). Just the other day, on a different post, someone's router was infected and the DNS IP address changed. The only indication to me that it was a malicious site was the URL the page was redirected to. A normal user such as yourself wouldn't know the difference as the page itself looked just like the official Adobe Flash Player Download Center page.
We do actively go after these malicious actors. If you come across these fake Flash Player install/update sites please message them to me. I do forward them to the appropriate folks here at Adobe when users tell me about them or I find them on web searches.
Unfortunately, we don't offer direct support for free products. The people staffing the forum here actually work on the player, so for better or worse, we're generally more informed than the support organization on day-to-day Flash topics.
I'd be interested in seeing the logs from the scanners to see what got picked up and where.
Thank you Maria - I had been trying to get someone's attention for several days with a copy of the infected file available for inspection. It was impossible to reach anyone via phone or chat that actually indicated they were concerned, the only thing they wanted to do is "hot transfer" me to another department or redirect me to a different chat or forum window.
Your post here is the first "sign of life" that anyone actually cares to hear or deal with this situation. Unfortunately I have since deleted the file and scrubbed my PC with Malwarebytes in safe mode, then had it clear the unused space on my drive, followed by a defrag program effectively wiping out any trace of the file.
If it comes up again, I will most assuredly contact you with the intent to work it out.
You do not support free products? Even if it is an Adobe branded product?
wow, just plain wow.
Correct. Adobe does not offer free, direct technical support for the products that we offer free of charge. If you're having trouble with a paid product, that's a different story. You *can* pay a nominal fee that offsets the cost of support for the free products, but most people choose not to. As a result, the tech support guys don't get a lot of Flash experience, and since the folks here are actually engineers on the product, we have pretty close to real-time information. If it's anything esoteric, we have an unfair advantage.
Adobe does provide these user-to-user forums to everyone regardless of means, and the staff here typically carve out time from their day/evening as a courtesy to our users, in addition to our actual workloads. I stuck around until about 8PM yesterday to answer installer questions.
If you run into problems again, please feel free to drop me a direct message through the forums (just click my name). It will land in my Inbox that way, and will get my attention. For security incidents, you're also more than welcome to email the Adobe Product Security Incident Response Team <psirt at adobe dot com> with details, as that queue is staffed 24/7/365.
I paid quite a bit for Adobe CS5.5 back several years ago, and in that was the "free" version of Flash Player. Just a side note - I am now dealing with an issue in AI from that same package on a different thread so I do understand the differences between supported and not supported. All told, I am old school - if it is "branded" then it should be "supported" by the branding company at some level - and if it is maintained by an update engine, then a bit more interest or easier way to report malware attacks and code compromises would be greatly appreciated. In my case I wasted about 6 hours ($50.00 per hour) of my time trying to track down a location to report the malware / code subversion of the update engine. A simple link on the support home page to facilitate reporting efforts would have saved a significant amount of frustration and lost time on my part.
Don't get me wrong - I understand the intent of Adobe's stance on free software vs. paid, I am just old school in my thinking about it.