Google search reveals 3 million pages link to rogue AVs

Do you know what the latest version of Adobe’s Flash Player is? If you don’t, you may very well fall for this:

Flash Player 11?

There are more than 3 million pages linking to this alleged version 11:

Most pages are from unsanitized forums, but there is even a Google Ad for it! Ooooops….

The screen below depicts the social engineering trick: What appears to be an X-rated video with a Windows Media Player logo (that is odd!).

What intrigued me in that screenshot was that this malicious post was made with a user account that was highly rated:

Such posts are automated, so I’d guess this user got his credentials stolen. Regardless, it adds to the deceptiveness, coming from what looks like an ‘approved’ forum user.

 What happens next is an intermediary URL, freevideos.osa.pl/video.php?, redirects you to fast flux domains updated on a regular basis, all showing the well known “YouTube-like” screenie:

Clicking on it will download ‘video-plugin.45210.exe’ (Virus Total detection here)

 So, what really is the latest Adobe Flash Player? The answer: 10.0.45.2

You can find it here http://www.adobe.com/software/flash/about/

Looks like the bad guys are already one step ahead. By the way, I did a Google search with version 12 and it returned nothing 😉

In the meantime, there are million of pages out there fooling people and infecting them with a non-existent Flash Player version.

Leave a Comment