A new worm seems to use social engineering to install malware. The worm asks the user to load a newer version of Adobe Flash Player and, of course, provides a link to this upgrade. The upgrade is in fact a fake that carries real malware. The social engineering part is nicely done because it uses one of the most freely available pieces of software in the world (Adobe Flash Player), and nobody knows when an upgrade is available. Today, it is extremely common to upgrade installed software.
Adobe proposes the following remedies:
- Download upgrades and installers only from the adobe.com site.
- Verify that the installer is signed with a certificate belonging to Adobe.
These two remedies are very good and should be generalized to every installation, although they have some limits:
- It is rather common to download installers from many sites that are not the developer's own. It is less convenient to search for the publisher's site than to take the first site offering the download. For instance, Adobe Flash Player is available in many places. I tried to search on Google France. Fortunately, the first site proposed was adobe.com. But I found many others. Should I trust them?
- How many people are able to analyze a digital certificate? Furthermore, some very respectable companies use certificates that are expired or that chain to an unknown root certificate.
Once more, we end up with the need to educate users. A lot of work to do here.
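The first remedy can be checked mechanically before a user ever clicks. The sketch below is an added example, not code from Adobe or from this post: it decides whether a link really points at adobe.com and reports why look-alike links fail. The function name, the HTTPS requirement and the sample links are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "adobe.com"  # the vendor site named in Adobe's advice

def check_download_url(url, official=OFFICIAL_DOMAIN):
    """Return (ok, reason) for a link that claims to offer the installer."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    # Assumption of this example: without TLS the host name proves nothing.
    if parts.scheme != "https":
        return False, "not https"
    # "https://adobe.com@other.example/" connects to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before the host"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can render like the real name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized look-alike host"
    # Match on a label boundary: the name itself or a true subdomain.
    if host == official or host.endswith("." + official):
        return True, "host is on " + official
    return False, "host is not on " + official

# Constructed sample links; only the first is on the vendor's domain.
SAMPLE_LINKS = [
    "https://get.adobe.com/flashplayer/",
    "https://adobe.com.downloads.example/install_flash.exe",
    "https://adobe.com@mirror.example/install_flash.exe",
    "http://www.adobe.com/flash_update.exe",
    "https://ad\u043ebe.com/flash_update.exe",  # Cyrillic letter in the name
]

def triage(links):
    """Map each link to its (ok, reason) verdict."""
    return {link: check_download_url(link) for link in links}

if __name__ == "__main__":
    for link, (ok, reason) in triage(SAMPLE_LINKS).items():
        print("ALLOW" if ok else "BLOCK", reason, link, sep="\t")
```

This covers only where the installer comes from; the signature on the file still has to be verified separately, as the second remedy says.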