Upgrading Adobe Flash at http://get2.adobe.com/flashplayer installs malware Security Suite
I just upgraded to Flash 10.1 and there was an option on the page to install Security Suite, a piece of malware, alongside New York Times Reader. I did so inadvertently and had to remove it using instructions here:
Additional System Details
Just once or twice
- Default Plug-in
- Office Plugin for Netscape Navigator
- Shockwave Flash 10.1 r82
- Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
- Google Updater plugin http://pack.google.com/
- Google Update
- Next Generation Java Plug-in 1.6.0_17 for Mozilla browsers
- Adobe PDF Plug-In For Firefox and Netscape
- Npdsplay dll
- DRM Netscape Network Object
- DRM Store Netscape Plugin
- User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:188.8.131.52) Gecko/20100824 Firefox/3.5.12
Installing Adobe Flash player from the Adobe site does not install the Windows security suite malware. If you got that malware you would have got it elsewhere. There are some rogue sites that claim that Adobe Flash is out of date and give you a download claiming it is an update but actually install malware.
Hi Tony - I may have ended up at one of those pages, although I thought I clicked through from Firefox.
The page is almost identical to http://get.adobe.com/flashplayer/ except that it offers the New York Times reader and Security Scan rather than the McAfee product.
I have checked my history and there are no other pages. Is it possible that the Adobe page is compromised?
I doubt that the Adobe site has been compromised, they will have very tight security in place to prevent hacking. The usual method of the malware authors is to create their own sites that look like genuine sites.
TonyE, what are you basing your responses on? Sounds like you're just guessing. What will happen when Adobe's site is compromised and people are getting a virus from it? Will you ignore it and think people must have made a mistake?
I also followed the Flash update via Firefox updates at startup of Firefox and took note that the update was coming from Adobe. I opted out of the install for the security software, so have not been affected by that, but I did have to explicitly deny the installation of that software.
The download also did come from get2.adobe.com, which is an alias for get.adobe.com. The server name is get.wip4.adobe.com, the address appears to be realistically in Adobe's IP range, and there are no DNS tricks going on between me and the DNS for adobe.com that I can identify.
The reason I found this page is because I want to know why the hell after updating flash, I have a NY Times reader installed on my system. I never asked for that one and it did come from the flash update without question. I live in Melbourne Australia, why the hell do I want the NY Times reader, and even if it has uses to read other stuff, I have the software I want, why do I want something I didn't want????? Adobe????
Adobe are making some offensive moves here, that is what is happening.
This also makes me feel a little less safe about using the update system built into Firefox. It's not so trustworthy; obviously we are at the mercy of supposedly trusted sources like Adobe, who, if compromised or if they just decide to sell out to malware, will screw us all.
Anyway, very annoying. And I don't think reports of this kind of thing should be shrugged off with no research whatsoever.
"Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, get2.adobe.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days."
TonyE makes a good point. The fact is that when updating Flash, Adobe offers to install additional software, and you must uncheck the boxes to decline the offer.
In addition to New York Times reader they offer security software.
I accept that the page I downloaded from was not Adobe; however, cleverly, it used an Adobe URL for the Flash upgrade, get2.adobe.com, and a different URL for the malware.
I should have been more careful, but if Adobe didn't offer to install additional software then this problem wouldn't have occurred.