Hackers are finding more and more ways to manipulate users into installing malware on their own computers. Before clicking on a link or downloading a file, make sure you review the origin of the link.
For example, I was browsing a normal local news web site I read regularly and clicked on an article link on the page. It loaded, then quickly changed to the following:
The URL in the address bar looked like this:
Looking at the page, I found the following to be odd:
- This is not the normal delivery for a Flash plug-in upgrade. Usually an icon in the system tray would appear for this.
- The browser I use, Google Chrome, has Flash built in, so I should not see any updates for this.
- The screen references Flash Player Pro. There is no product called Flash Player Pro that I am aware of.
- The URL host of easyjavafix.com is not what I would expect for an update to an Adobe product.
- The disclaimer text states that this page is for installing a download manager that will “install independent 3rd party software that will update the advertised program.”
I looked at the actual source of the data I received to see where the download link was pointed. It was set to get a file from the host: secure.5-pn-installer.com
Some research on this host found that it has been tracked as a source for the following malware/adware threats:
- Win32/AdWare.iBryte.BG application
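The check described above, reading the page source to see which host the download link points to, can be scripted. This is an added example, not part of the original post: the two hostnames come from the post, while the paths, the markup and the `TRUSTED_DOMAINS` allow-list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: the hosts come from the post, the paths and markup are made up.
PAGE_URL = "http://easyjavafix.com/constructed/landing.html"
PAGE_SOURCE = """
<html><body>
  <h1>Flash Player Pro update required</h1>
  <a id="dl" href="http://secure.5-pn-installer.com/constructed/setup.exe">Install</a>
  <a href="/constructed/terms.html">Disclaimer</a>
  <a href="https://www.adobe.com/constructed/about.html">About</a>
</body></html>
"""

# Assumption: domains the reader accepts as the vendor's own for this product.
TRUSTED_DOMAINS = {"adobe.com"}


class LinkCollector(HTMLParser):
    """Collect every <a href> on the page, resolved against the page URL."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            # Relative links resolve to the host that served the page.
            self.links.append(urljoin(self.base_url, href))


def is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain or a real subdomain of it, not a lookalike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def untrusted_links(page_url, source, trusted=TRUSTED_DOMAINS):
    """Return (host, url) for each link that leads to a host outside `trusted`."""
    parser = LinkCollector(page_url)
    parser.feed(source)
    pairs = [(urlsplit(url).hostname, url) for url in parser.links]
    return [(host, url) for host, url in pairs if not is_trusted(host, trusted)]


if __name__ == "__main__":
    for host, url in untrusted_links(PAGE_URL, PAGE_SOURCE):
        print(f"untrusted host {host}: {url}")
```

The suffix match requires a leading dot, so a host such as `adobe.com.easyjavafix.com` is still reported as untrusted.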
Moral of the story: if you receive an update notice, be skeptical. This is only one example of an attempt to install malware. Do not assume that a link is authentic. Always download updates from the manufacturer, or through an update server you have knowingly installed.