Are you sitting down? I know this will come as a shock, and I want to prepare you. Adobe Flash is the source of a new attack against PCs. Honestly, in this case it really is not Adobe's fault (unlike some other past cases), but the software is still the vehicle used in this drive-by. Microsoft reports that Trojan:Win32/Preflayer is in the wild and changes the home page for Internet Explorer, Google Chrome, Mozilla Firefox, or Yandex.
"These sites appear to be a type of search engine, but there are pop-up advertisements displayed on the pages, and there was an instance where I was redirected to a different page not of my choosing", Jonathan San Jose, Microsoft antivirus researcher, says.
The Trojan attacks in the guise of a fake Adobe Flash update that pops up on the user's screen. According to the software giant's threat report "to trick you into thinking that it's a legitimate installer, it also downloads and runs the actual Flash Player installer". That makes this a bit scarier than the average fake Flash updates that we have grown accustomed to encountering over the past few years.
The browser home page is changed to one of the following addresses:
- www.anasayfada.net
- www.heydex.com
Microsoft details how the Trojan works in its threat report, including the attacks on Chrome, Firefox, Yandex and, of course, Internet Explorer. Microsoft also outlines steps to remove the virus, but users should probably be clued in to not get it, given that the pop-up box for installation is written in Turkish.
Folks, Flash is dangerous. It also causes non-critical, but still annoying, browser problems. Many web sites have moved on to HTML5, but for those that have not, do yourself a favor -- enable click-to-run in your web browser and pick and choose carefully where you make that click. By all means, do not trust pop-up ads. If you need to update, then visit the official Adobe site and do so manually. It really is a jungle out there.
Photo Credits: maraga/Shutterstock