
Why do I need Flash Player Pro?


Well, of course you don’t need Flash Player Pro because it’s a scam, but why are you getting these messages?

The Flash Player Pro malware seems to be going around at the moment. I have removed it from the laptops of two friends in the last month.

This particularly insidious malware tries to trick users into installing what claims to be an update to Adobe Flash Player (and it’s the Pro version so it must be better, right?). The hackers have even stolen Adobe’s logos and graphics to make their malware look legitimate. If you mistakenly install this thing, it will download even more malware.

It seems to be part of the Conduit Search malware and one of the things it does is to change the machine’s DNS settings so that it goes through the hackers’ DNS servers instead. So when the user asks for ‘google.com’, the hacker DNS server goes ‘Nah, you don’t want Google, you want Flash Player Pro!’.

One laptop I scanned at my friend’s house and found nothing (but it kept going to the Flash Player Pro site so it had to be infected). I suspected a root-kit. Took the machine away, installed Avast and did a Boot Time Scan which removed over a hundred infected files. Then ran Malwarebytes Free which removed a hundred more. Used the Avast Browser Cleanup to reset all of the corrupted settings, then ran CCleaner to remove all of the remaining junk. Good as new. Take it back to my friend’s house, go to Google – Flash Player Pro. What the %&^%*^$*^?

Seriously puzzled, I take it away again. Repeat all of the scans – nothing, no malware. Works perfectly. Some more research found that the malware had also changed the router settings so even though the laptop was now clean, the router was still redirecting through the hackers’ DNS server. Factory reset router – problem solved.

Root-kits that change router settings – seriously puzzling stuff.
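The laptop-clean-but-still-redirected situation above comes down to where the rogue DNS setting lives. The following is an added example, not part of the original post: it parses resolver configuration and says whether each DNS server was set on the machine or handed out by the router. It assumes a Windows machine; the sample text, the gateway and trusted-resolver values, and the function names are constructed for illustration.

```python
import ipaddress
import re
# Constructed sample in the style of Windows `netsh interface ipv4 show dnsservers`.
SAMPLE = '''
Configuration for interface "Wi-Fi"
    DNS servers configured through DHCP:  203.0.113.53
                                          192.168.1.1
    Register with which suffix:           Primary only

Configuration for interface "Ethernet"
    Statically Configured DNS Servers:    198.51.100.7
    Register with which suffix:           Primary only
'''

def parse_dns_config(text):
    """Return [(interface, source, server)]; source is 'dhcp' or 'static'."""
    rows, iface, source = [], None, None
    for line in text.splitlines():
        m = re.match(r'Configuration for interface "(.+)"', line.strip())
        if m:
            iface, source = m.group(1), None
        elif "through dhcp" in line.lower():
            source = "dhcp"
        elif "statically configured dns" in line.lower():
            source = "static"
        elif ":" in line:
            source = None  # any other field ends the server list
        if source is None:
            continue
        try:  # first server follows the colon, the rest sit on bare lines
            rows.append((iface, source, str(ipaddress.ip_address(line.split(":")[-1].strip()))))
        except ValueError:
            pass  # "None" or a blank line
    return rows

def triage(rows, gateway, trusted):
    """Tell where each resolver setting lives, so the fix goes to the right device."""
    findings = []
    for iface, source, ip in rows:
        if ip in trusted:
            verdict = "ok"
        elif ip == gateway:
            verdict = "check-router"  # host only points at the router; inspect its DNS setting
        elif source == "static":
            verdict = "host-setting"  # written on this machine; a router reset will not clear it
        else:
            verdict = "router-dhcp"   # handed out by the router; cleaning the host will not clear it
        findings.append((iface, ip, verdict))
    return findings
```

A `router-dhcp` or `check-router` verdict on a freshly cleaned machine points at the router's own DNS configuration, which is what the factory reset cleared here.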
