Drive-by Download on Facebook?

FLWBStrainman

New member
Hi all. It's been forever since I've posted here, but I just wanted to get an opinion on something. I fear I may be infected with malware from Facebook. I was looking at a particular profile last night, and I got a message saying something like "The flash player update failed. Please visit the following website... (some ridiculously long URL, starting with www.adobe.com) to attempt to reinstall the update." Though this was already enough to throw me off, I noticed that in the header, it said "Message From Webpage." Why in the world should somebody's Facebook page dictate what software I need to install?

I have been reading up on the Koobface worm. There was no email. No idiotic video invitation, just a message that a flash player update, which I never knew about in the first place, had failed. At that point, I killed IE with task manager. With nothing to lose, I went back to the same profile, and got the same exact message. Again, three-finger-salute. I was able to look at other profile pages with no problems.

Is it possible that this person's page is infected? And if so, could I have picked it up simply by receiving the popup? It was trying to get me to go to a particular URL to install a supposed flash player update. It seemed an awful lot like JavaScript to me, which is why I didn't click on "OK, cancel," or even the "X" in the corner. I've been infected that way before.

Any thoughts? If this IS malware, I should hope it requires that the URL be visited, and the malicious software be downloaded, which I DID NOT do. I am about to scan with Malwarebytes Anti-Malware. I also have Symantec Endpoint Protection and Windows Defender, along with the Malicious Software Removal Tool. I am just really hoping that I'm not a victim of a drive-by download! :eek:

Any help would be appreciated.
 
Adobe Flash has a known security problem whereby malware can be installed just by visiting a web page.

Adobe's stance is that this is not their problem but it is up to the web hosts to ensure their web pages are hosting these types of malware.

Given that many sites don't even keep their security updates up to date and others may have malicious intent, you can draw your own conclusions about how safe Adobe Flash is.

Cheerio John
 
Flash has a rep as being insanely unsafe. It's the new Internet Explorer.

I believe (but am not sure) that the bug JW mentioned was fixed (at least, partially) with the latest version but, yes, Adobe is going overboard absolving themselves of responsibility of this bug and blaming the fundamental essence of modern internet - content-sharing.

I suspect they are doing this because 1. Flash has a penetration of something like 95+% of the market; 2. Flash is central to social networking; and 3. That code injection will be detected by most modern AV software. The result of all this is that they don't care how severe this flaw may be - it probably won't affect the functionality nor reputation of their product. I think what's really happening is a battle of egos: Will Adobe admit that there is a serious flaw in their product, and, possibly, have to revamp it to the point it may break many applications? Or will they accept the risk -- and potential liability?

Best recommendation is to see if you have the latest version of Flash. If so, and you still seem to have a compromised system, then remove Flash from all comps and urge others to do the same (there are various scripting controls, like NoScript for Firefox; there's a similar Flash blocker for IE, which allow you to continue using Flash applications. But, unless you really know what you're doing, and know the sources of your scripts, they're not really helpful).

As for your problem, it sounds like it was this:

http://www.reddit.com/r/howto/comments/adsuo/remove_fake_adobe_flash_updater_virus/

Oh, some more fun stuff just released pertaining to Flash's many bugs:

http://news.cnet.com/2100-1023-803829.html
 