We recently poked some fake Flash files with a stick; they attempted to turn a PC into an exercise in coin mining. There are plenty of other sites out there wanting you to download their own spin on Flash, and here’s one located at
adobe-flashplayer(dot)com
The site offers up two versions – one for Chrome, Firefox and Opera and one for Internet Explorer. Clicking either of the download links in the above screenshot will direct end-users through various URLs. Here’s the multi-browser effort:
As you can see, we go from
adobe-flashplayer(dot)com
to a page located at
dinsoft(dot)ru/soft/flashplayer_11(dot)exe
Clicking the blue link on the page eventually offers up the file from
soft276(dot)ru
Running the file presents the end-user with the following on their desktop:
After selecting their country and mobile network, the end-user will be asked to send an SMS to receive a 10-digit activation key. Once this is done, they may (or may not!) end up with Adobe Flash Player on their system. But really, there’s no way the end-user will know for sure until they’ve paid up, which seems a little too risky for my liking.
Googling that number brings up various prices (the cost of getting your hands on the activation key), but why pay anything to receive a program which may (or may not) be on the other side of this built-in pay wall when you can simply download Adobe Flash Player for free?
End-users can click a link in the bottom left-hand corner of the installer and they’ll be taken to a support site at support-contact(dot)ws. I’ve actually written about other installers from this same group, back in July 2013. You’ll notice in that blog post that their support site actually had some content on it – this time around, things are a little more empty:
They had a Flash downloader back then too, although they appear to have changed the way their SMS procedure functions (different number, different steps to take and so on). Users of Malwarebytes Anti-Malware will find we detect this as Trojan.Agent and the VirusTotal scores are currently pegged at 15 / 49.
Always go straight to the source for any program you wish to download. If it’s supposed to be free you really shouldn’t be jumping through hoops sending what may turn out to be premium rate SMS messages.
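The "go straight to the source" advice can be checked mechanically. As an added example (not code from the original post), this Python check takes the download chain described above and flags every hop whose host is not the vendor's domain or a subdomain of it; `OFFICIAL_DOMAINS`, the function names and the `http://` scheme are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the vendor domain the reader trusts for this download.
OFFICIAL_DOMAINS = {"adobe.com"}

# Hops as written (defanged) in the post above.
CHAIN_FROM_POST = [
    "adobe-flashplayer(dot)com",
    "dinsoft(dot)ru/soft/flashplayer_11(dot)exe",
    "soft276(dot)ru",
]

def refang(url):
    """Turn the post's '(dot)' notation back into a parseable URL."""
    url = url.replace("(dot)", ".")
    # The post gives no scheme; 'http://' is added only so urlsplit can parse.
    return url if "://" in url else "http://" + url

def host_of(url):
    """Lower-cased hostname of a (possibly defanged) URL, without a trailing dot."""
    return (urlsplit(refang(url)).hostname or "").lower().rstrip(".")

def is_official(host, official=OFFICIAL_DOMAINS):
    """True only for the vendor domain itself or a subdomain of it.

    Matching on '.' + domain enforces a label boundary, so a hyphenated
    lookalike or a vendor name used as a left-hand label does not pass.
    """
    return any(host == d or host.endswith("." + d) for d in official)

def naive_is_official(host):
    """The check to avoid: looking for the brand name anywhere in the host."""
    return "adobe" in host

def off_vendor_hops(chain):
    """Hosts in the chain that are not served from the vendor's own domain."""
    hosts = [host_of(u) for u in chain]
    return [h for h in hosts if not is_official(h)]

if __name__ == "__main__":
    for hop in CHAIN_FROM_POST:
        h = host_of(hop)
        print(f"{hop:45} naive={naive_is_official(h)!s:5} strict={is_official(h)}")
    print("off-vendor hops:", len(off_vendor_hops(CHAIN_FROM_POST)))
```

The first hop passes the substring check because it contains the brand name, which is exactly why the comparison has to be made on the registered domain rather than on what the hostname looks like.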
Christopher Boyd