There are many reasons to not install Flash, but there may be an even bigger reason to not install fake-Flash — a Trojan, and not the kind that eventually ends with a smile either. According to F-Secure, there’s a Trojan going around masquerading as Adobe’s Flash installer that messes with your HOSTS file and redirects your visit to Google through to a server in the Netherlands that serves up pop-up ads, despite looking like a legitimate Google search page.
What’s a HOSTS file?
Simply put, computers manage to keep track of server addresses (based on IP), and then join them up with those pretty URLs that we’ve come to love around the Internet. For instance, the URL macgasm.net has an associated IP that your browser, through the use of DNS, translates and uses to serve up the relevant content from the server. In our case the server serves up this website.
A HOSTS file is available on all operating systems, and lets users and administrators manually manage IP addresses and pretty URLs. This lets users easily change where a website goes when a URL is typed into a browser. The HOSTS file overrides the DNS that is available publicly on the Internet. In the case of this particular Trojan, the virus assigns a new IP address to your HOSTS file for Google.com. If you type in Google.com, you’ll be redirected to a different server, and thereby be at the mercy of where you land. Not cool, right?
So, if you want to avoid this catastrophic event you have two options:
- Stop installing things you didn’t intend to install in the first place,
- or don’t ever try to install Flash ever. Like evah-evah.
We’ll leave the choice up to you, but we’re going to highly suggest number two, since you’ll also get the added benefit of better battery time, less lag, more CPU cycles, and no longer cooking your lap-bits with a blistering hot MacBook Pro.
Just saying.
Source: F-Secure