Q: Have you heard anything about malware introduced in a fake Adobe Flash update and how to detect and remove it? Here’s an article discussing it: TinyURL.com/IGTM-0593.
Coupled with the Microsoft update on Tuesday, Oct. 9, 2018, I saw a suspicious Adobe Flash update message while surfing MSN.com and links using Google Chrome. McAfee also popped up telling me it had quarantined some suspicious files. I am not sure where I was surfing when I noticed this, but was already experiencing CPU and 100 percent disk usage which I attributed to the Microsoft update that was in progress. After Windows prompted me for a reboot, which I allowed, the CPU usage and disk performance seemed to go back to normal. Since Tuesday I have experienced an occasional sluggish response and higher than normal CPU utilization.
Seeing this article makes me suspicious of the malware. I’ll be watching for ways to detect its presence and ways to eradicate it.
— Calvin G., Fort Walton Beach
A: I can’t say as I’m familiar with this particular malware, Calvin, but I’ve seen plenty of them that follow a similar pattern. In fact, a couple of years ago at a personal appearance, I was talking about upcoming trends and predicted an increase in hackers using Adobe Reader as an attack vector to spread their malware.
I’m sorry to say that prediction has turned out to be true. It’s a perfect vehicle for this purpose, as it’s a non-Microsoft product that’s on a large percentage of PCs. And as most people know, all software vendors put out periodic updates to their products. So, it doesn’t normally ring any alarm bells when your PC tells you that an update is required to this commonly used application.
On several occasions in the last several months, I have encountered a situation where a legitimate website suddenly either opens a new browser window or a new tab in my existing browser. This instance contains an admonition that my computer’s Adobe Reader is out of date, and it very helpfully offers to update it for me. All of this would be fine if it was actually from Adobe, but it’s not.
Even if the URL of the page has the word “Adobe” in it, such as “GetAdobeNow.com” or “UpdateMyAdobe.com” you can’t know with any degree of certainty that it is legitimate. The safest course of action — for this, and other, similar situations — is always to ignore these a-little-too-convenient offers of assistance. If you think your Adobe Reader needs updating, go to the Adobe website on your own and download it directly from there. For the record, the genuine URL is get.adobe.com/reader.
I’m trying not to feel off-put by your statement that “Seeing this article makes me suspicious of the malware.” I would hope that anyone who is a regular reader of It’s Geek To Me would be suspicious of any and all malware, and getting smarter all the time about how malware travels and gets onto your PC.
But I choose to interpret your statement as you being suspicious that your PC may have been infected by this particular malware, rather than a suspicion of malware in general. I’m pleased to see you monitoring some of the aspects of your computer discussed in the article, but it sounds to me like your computer doesn’t have the symptoms that it described. The article makes it sound like PCs so infected exhibit maximum CPU usage as the malware goes through the arduous process of mining the cryptocurrency.
This discussion brings up another topic that hasn’t seen a lot of exposure in the column, but which I have no doubt is a topic of confusion for many of my readers. I’m talking specifically about cryptocurrency. This fancy, five-dollar word describes a relatively new type of asset — basically, digital money. The first and most widely known form of cryptocurrency is bitcoin, which was first released in 2009. Since then, over 4,000 variants have been created, so cryptocurrency is a growing industry.
Bitcoins have no physical form, but rather exist in the form of secure records of financial transactions. Each bitcoin is unique, and works through something called distributed ledger technology, which tracks the ownership of bitcoins and their units. Bitcoins are created through a process called mining, which consists of validation of various digital transactions. Mining requires a great deal of computer processor power, which makes it attractive for hackers to distribute the workload to other computers via malware. In this way the power of a single PC mining bitcoin can be multiplied across dozens, hundreds, even thousands of PCs at very little cost to the hacker.
Free money is a compelling lure, and gives the rest of us one more reason to be vigilant about what we allow onto our computers.
To view additional content, comment on articles, or submit a question of your own, visit my website at ItsGeekToMe.co (not .com!).
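The point above about "Adobe" appearing in a URL can be shown in code. This is an added example, not part of the original column: it assumes adobe.com is the only trusted domain (taken from the genuine URL the column gives) and that downloads must use HTTPS; `check_update_link` and the sample links using example.net are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: adobe.com is the only domain treated as Adobe's, based on the
# genuine URL given in the column (get.adobe.com/reader).
TRUSTED_DOMAIN = "adobe.com"


def check_update_link(url):
    """Return (trusted, reason) for a link that offers an Adobe download."""
    try:
        # Links are often shown without a scheme; assume HTTPS in that case.
        parts = urlsplit(url if "://" in url else "https://" + url)
    except ValueError:
        return False, "unparseable URL"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None:
        # In https://adobe.com@other.site/ the part before '@' is a login name.
        return False, f"text before '@' is not the host; real host is {host}"
    # Trust is decided by the END of the hostname, never by a substring match.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, f"host {host} is within {TRUSTED_DOMAIN}"
    if "adobe" in host:
        return False, f"host {host} only contains the word 'adobe'"
    return False, f"host {host} is unrelated to {TRUSTED_DOMAIN}"


if __name__ == "__main__":
    # Constructed sample links; the first three names come from the column.
    samples = [
        "get.adobe.com/reader",
        "GetAdobeNow.com",
        "https://UpdateMyAdobe.com/reader",
        "https://get.adobe.com.example.net/reader",
        "https://adobe.com@example.net/reader",
        "http://get.adobe.com/reader",
    ]
    for link in samples:
        trusted, reason = check_update_link(link)
        print(f"{'TRUSTED ' if trusted else 'REJECTED'} {link}: {reason}")
```

Only the first sample is accepted; every lookalike is rejected because the decision rests on the registered domain at the end of the hostname rather than on the word "Adobe" appearing somewhere in the link.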