One of our Web Security Analysts came across a website (118,000 ranking in Alexa) that drives users into installing a fake Adobe Flash Player file. The site prompts a message requesting the user download "a new version of Adobe Flash Player" in order to view a video on the site.
On clicking "Continue", visitors are taken to this page:
Looks pretty authentic, right? It even offers to download an "install_flash_player.exe" file for you. The analyst was using a Linux system though, so this seemed slightly odd.
Turns out the site is a (pretty good) fake. Unless a visitor takes a hard look at the address bar, it's pretty easy to be fooled.
The downloaded installer also looks like the original Adobe Flash Player installer, though the checksum and digital signatures point out the difference.
install_flash_player.exe version 10.0.22.87 md5: 51F26C0051E97A91145971FE5BC632FF