Don't Share this Fake Flight QZ8501 Video on Facebook

SMS Activated Flash Downloads: A Digital Leap of Faith

We recently poked some fake Flash files with a stick which attempted to turn a PC into an exercise in coin mining. There are plenty of other sites out there wanting you to download their own spin on Flash, and here’s one located at

adobe-flashplayer(dot)com

It's Adobe download time

The site offers up two versions – one for Chrome, Firefox and Opera and one for Internet Explorer. Clicking either of the download links in the above screenshot will direct end-users through various URLs. Here’s the multi-browser effort:

Grabbing the file

As you can see, we go from

adobe-flashplayer(dot)com

to a page located at

dinsoft(dot)ru/soft/flashplayer_11(dot)exe

Clicking the blue link on the page eventually offers up the file from

soft276(dot)ru

Running the file presents the end-user with the following on their desktop:

Select your country...

After selecting their country and mobile network, the end-user will be asked to send an SMS to receive a 10 digit long activation key. Once this is done, they may (or may not!) end up with Adobe Flash Player on their system. But really, there’s no way the end-user will know for sure until they’ve paid up which seems a little too risky for my liking.

Time to SMS

Googling that number brings up various prices (the cost of getting your hands on the activation key), but why pay anything to receive a program which may (or may not) be on the other side of this built-in pay wall when you can simply download Adobe Flash Player for free?

End-users can click a link in the bottom left hand corner of the installer and they’ll be taken to a support site at support-contact(dot)ws. I’ve actually written about other installers from this same group, back in July 2013. You’ll notice in that blog their support site actually had some content on it – this time around, things are a little more empty:

It works!

They had a Flash downloader back then too, although they appear to have changed the way their SMS procedure functions (different number, different steps to take and so on). Users of Malwarebytes Anti-Malware will find we detect this as Trojan.Agent and the VirusTotal scores are currently pegged at 15 / 49.

Always go straight to the source for any program you wish to download. If it’s supposed to be free you really shouldn’t be jumping through hoops sending what may turn out to be premium rate SMS messages.

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.