Zscaler researchers recently found three Web sites distributing the Win32.Sality.N Windows malware disguised as Flash updates, with the update requests alternating between English and Turkish.

"What is interesting is that the malicious executables are actually hosted in a Dropbox account and have not been taken down since they were found about seven days ago," writes Zscaler security researcher Julien Sobrier.

Sobrier says he's found two executables being delivered so far -- FlashPlayer.sfx.exe, which is currently detected by just two of 46 anti-virus vendors, according to VirusTotal; and Videonuizle.exe, which is currently detected by only five of 46 anti-virus vendors.

Sobrier says the sites have recently seen as many as 1,700 visitors a day.

"These sites keep popping up and [they] are still able to fool users," Sobrier writes.