There’s a Trojan parading around as a Flash Player 11 update, waiting for the opportunity to sneak onto your computer and change your browser’s home page.
Trojan:Win32/Preflayer.A does its best to trick the unsuspecting end-user by arriving under the name ‘FlashPlayer.exe’ and displaying the following installer window when executed:
While it's not entirely clear why two two languages are used (Turkish/English), the agreement being displayed sans scrollbar makes sense since there's a disclaimer at the bottom stating that your browser homepage will be changed to one of the following upon installation:
“These sites appear to be a type of search engine, but there are pop-up advertisements displayed on the pages, and there was an instance where I was redirected to a different page not of my choosing.” Jonathan San Jose revealed on Microsoft’s TechNet Blog.
Thankfully, driving traffic to these websites appears to be the main goal. Once the user continues the installation, the fake installer downloads and executes a legitimate Flash Installer and changes the home page in Firefox, Chrome, Internet Explorer and Yandex, as promised.
Microsoft has already received over 70,000 reports of this malware in the last week, but given that it is posing as a fake Flash Update, avoiding it should be relatively easy.
- Only download Flash Updates from adobe.com, and not some random website.
- Pay attention when installing software, and cancel the installer if anything seems amiss (like the missing scrollbar).
Is Your Computer Infected?
To remove Trojan:Win32/Preflayer.A from your computer, perform a full system scan using antivirus provided by one of the following vendors:
Just keep in mind that additional steps may need to be taken to change your home page in Internet Explorer.
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.