Trojan Alert: Fake Adobe Updater and "Diaoyu PDF"

ByMike Moffit

As if Adobe doesn’t already get enough bad press in the Apple world, a new malware attempt has been spotted that pretends to be an update to Adobe’s Flash Player. Dubbed “Flashback,” it appears to be a legitimate update and includes the same logo and graphics that Adobe uses for their Flash products. However, it does not update Flash; it installs a backdoor that allows a hacker to access your system.

Similar to “Mac Defender,” Flashback makes every attempt to look legit so you will install it. Most of the time when malware hits a Windows system, it installs itself without any indication that anything is happening (like a robber climbing in through a back window of your house). OS X does not allow this kind of hidden infection, so in order to get around your Mac’s security, the malware preys on the weakest link in the fence—the person using the system. Somehow it has to trick the user into running the application so the malware can be installed. (Criminals will sometimes pose as police officers or utility workers to gain access to your home. They look harmless, so you allow them access.)

Flashback does not spread on its own; it has to convince people to download and install it. As with most malware, it plays to the public’s obsession with current events and scandal to spread. For example, a webpage claims to contain nude photos or a “leaked video” of someone famous. A popular tactic used on Facebook advertises a controversial video, just begging people to click on it. The “video” leads to a website that says an update to Flash is needed and offers to install it. There’s no video, there’s no Flash update, there is just the backdoor program that now allows someone to steal your data.

The best way to avoid this kind of infection is to download updates only from legitimate sources. For Mac OS X updates, the built-in Software Update will keep you current, but for other applications and utilities, you have to check their site or rely on their own update alerts. If you’re surfing the Net and are told that you need an update to some component of your operating system, ask yourself, “Is this in response to something I just did?” If you clicked on a link to a video on YouTube and were told that you needed an update to your Flash Player, it’s most likely real. YouTube is a trusted site. If you’re on some other back-alley-type site, you can’t always be sure.

The update notification MIGHT be real, but hackers are getting smarter. Not only are they finding new ways to trick people, but they also know what people are searching for and try to lead them down an unsafe path to get it. If you are at all in doubt, check the official site to see if there really is an update available. For Flash Player, go to adobe.com and check to see if there really is a new version of the Flash Player or Adobe Reader. If there is, download it from there so you know you have the real deal. If you go back to that link and it now works, it’s probably safe. If it still says you need an update, the link could be a bad place to go and you should navigate away from that page.

Another recent hack attempt takes the form of a PDF file. It claims to be a document outlining the ongoing dispute between China and Japan over ownership of the Diaoyu/Senkaku Islands. It’s not actually a PDF: it’s an application that opens a document and infects your system with a backdoor program to allow remote access. The idea of an infected PDF file is not new, and has been plaguing Windows users for years, but this is the first time someone’s tried it on a Mac. Oddly enough, this attempt didn’t work, but people who disassembled the file found suspicious code that at least made the attempt. The next version of it may actually work, so there’s one more thing to watch out for.

As with anything else, my recommendation is a) watch where you click and b) install something to actively scan your system so you don’t get caught by the latest scam. Sophos’s free anti-virus for Mac is one such solution.

Similar Posts

  • iPhone 4S Available 10/14

    Are you anxiously awaiting the release of one of the “*new iPhone models*”:http://blog.smalldog.com/article/a-look-at-the-iphone-family/ announced last week? Small Dog is an AT&T dealer and will carry all current iPhone models in our retail stores as they are released. Please note that iPhone is available at Small Dog with an AT&T contract only.

    Here’s the skinny on purchasing an iPhone 3GS, 8GB iPhone 4 or iPhone 4S at Small Dog Electronics:

    * The *iPhone 4S* (16GB/$199.99, 32GB/$299.99, 64GB/$399.99 with a new 2-year contract) and *8GB iPhone 4* ($99.99 with a new 2-year contract) can now be pre-ordered and will be available for pickup in our stores beginning October 14.
    * The *iPhone 3GS* (free with a new 2-year contract) is available now.

    *iPhone is available exclusively in our retail stores* in “*South Burlington*”:http://www.smalldog.com/burlington and “*Waitsfield, VT*”:http://www.smalldog.com/waitsfield and “*Manchester, NH.*”:http://www.smalldog.com/nh To ensure you get your iPhone as quickly as possible, we recommend you pre-order. Stop by one of our stores or give us a call at 800-511-MACS to reserve yours!

    Do you plan to upgrade to iPhone 4S? “*Click here to tell us!*”:http://blog.smalldog.com/article/poll-do-you-plan-to-upgrade-to-iphone-4s/

  • Happy Tuesday,

    With foliage nearing its peak here in central Vermont and several frosts under our belt already, it’s great to see so many tourists out and about enjoying this great state. Nearly all roads and bridges are repaired at this point, but a powerful reminder of what happened just six weeks ago remains in Waitsfield, where the covered bridge remains closed along with several businesses on Bridge Street.

    We’ve received another round of used white last-generation MacBooks that are going through our rigorous testing and refurbishment processes. There are already plenty ready to go and “*listed on smalldog.com.*”:http://www.smalldog.com/product/79068 These laptops are perfect for Web browsing, email, iPhoto, watching movies and even editing video with iMovie. They include Snow Leopard, which some users would consider an added benefit.

    As always, thanks for reading, and keep in touch.

    Matt
    “matt@smalldog.com”:mailto:matt@smalldog.com

  • From the Archives: The Internet is Running Out of Addresses

    I’ve written in past Tech Tails about IP (Internet Protocol) addresses, and how every single device connected to the Internet needs to have its own IP address. Under the current system, known as IPv4, the addresses are formed as four groups of up to three digits. Each group of digits can go from 1 to 255, but no higher than 255. For example, Google’s IP address is currently 74.125.226.148. When you type in a web address in your browser, it’s actually translated into an IP address by DNS servers.

    The problem with IPv4 is that the four groups of up to three digits only allows so many unique addresses. It must’ve been hard to imagine in the early days of the Internet that so many billions of addresses would be needed, but here we are and some experts claim that we have less than a year before the last address is taken.

    I’m not sure I’m ready to fill my basement with canned goods and iodine tablets quite yet. But just in case we find ourselves in an era of an overpopulated Internet, there is another protocol called IPv6 that will replace IPv4 over time. The new protocol boasts an address allocation (number of possible addresses) with so many zeroes after it that I can’t even think how to pronounce the number.

    Needless to say, this transition will take time, and in some cases users may see some speed issues. The IPv4 and IPv6 networks will essentially be two different Internets, and there will have to be “translating” services, or gateways, to bridge between the two networks. These gateways will certainly be bottlenecks.

    The whole protocol and the transition from IPv4 to IPv6 is going to take some time and there will likely be bumps along the way. But there’s really no need to panic as some have suggested. There’s a wealth of information out there about the transition and the protocol itself. Wikipedia, as is so often the case, is a great place to start.

  • Enter to Win an 11" MacBook Air!

    On December 12, we’re giving away an 11” MacBook Air—a $999.99 value—to one lucky Small Dog Electronics newsletter subscriber!

    This contest is open to current and new newsletter subscribers, but you must visit smalldog.com/contest to enter and view complete contest details.

    Sign up to win and spread the word!

  • iPad 101: Why Are My Apps Freezing?

    People love their iPads. They take them everywhere and use them for everything. Many have grown somewhat dependent on them, so I can understand their concern when an app suddenly won’t work. For example, they open Safari but instead of being able to enter their search into Google, the screen is just gray. They can switch out of Safari back to the desktop, but when they tap Safari again, it’s still gray.

    The iOS 4 update added a great new feature to Apple’s iPod, iPhone 4 and iPad devices: multitasking. Now you can run more than one application at a time, while previously when you closed an app, it stopped running (disconnecting you if it was an online app like Skype or Facebook).

    Running under iOS 4, an app continues to run “in the background” when you tap the Home button to switch back to the desktop. The problem is that it isn’t obvious what apps are still running, nor is it made clear that this is even happening. New users of the iPad seem unaware that when they tap the Home button, the app they were just using is not “closed” but rather “minimized.”

    On a Windows system, minimized applications are put into the Task bar, and on a Mac they are put into the Dock with a glowing light under them. On an iOS device such as the iPad, you don’t see these apps unless you tap the Home button twice. This brings up a scrollable bar on the bottom of the screen showing you the apps that are still running. All these apps take up memory to run, even though you don’t see them, and the more apps you have active, the less memory you have available for new apps to run.

    When someone shows me that Safari is stuck, I check the list of active apps and two things happen: first, I find that they have 20 or so apps running, all of them consuming resources; and second, the customer exclaims, “I didn’t know you could do that!”

    So how do you fix this? Once you have the list of active apps open, you can hold your finger on one of them until they start to jiggle. A red “-” sign appears in the upper left corner, which you can tap to close that app. This removes it from memory but DOES NOT delete the app itself. It is still on your desktop and can be relaunched later if you need it, but it will no longer be taking up memory that can now be used for other apps. Swipe back and forth to scroll through the list of active apps, closing off any that you aren’t using.

    For example, there’s no reason to have Settings open all the time, but it’s fine to keep Mail active so you can get back to it quickly. Get into the habit of doing this once every few days to keep your device running efficiently. In the example I mentioned above, closing out Safari and a couple other apps “fixed” the problem; Safari relaunched and worked fine.

    Perhaps iOS 5 will make it more obvious that this feature exists. It is one of the better points of the iPad and makes it so much more convenient and useful, but it can cause issues if you don’t keep an eye on it.