From the Zscaler Research Blog:
Fake Flash updates are leveraged as a very popular trick amongst attackers to fool users into downloading and installing malware. This week we found a three websites distributing Win32.Sanity.N malware disguised as Flash updates:
• hxxp://kivancoldu.com/, redirects to hxxp://click-videox.com/ [Screenshot: http://kivancoldu.com on 05/02/2013]
• hxxp://fastcekim.com/, redirects to hxxp://click-videox.com/
• hxxp://kivanctatlitug.tk/ d(down)
The fake warning at the top of the page alternates between English and Turkish.
What is interesting is that the malicious executables are actually hosted in a DropBox account and have not been taken down since they were found about seven days ago. I have spotted two different executables so far:
• FlashPlayer.sfx.exe (detected by only 2 of 46 AV vendors)
• Videonuizle.exe (detected by 5 of 46 AV vendors)
These two files have similar behavior. They disable all Windows features: UAC, Firewall, AV, Safe Boot, etc. The malware then drops variants of the Sality virus, some of which have a good detection rate amongst AV vendors.
Continued : http://research.zscaler.com/2013/05/fake-flash-player-on-dropbox.html
Big screens for the big game
Still looking for the best TV deals ahead of Sunday's game? Here are our top three big screen picks.