Malicious Flash Player Updates Hosted on Dropbox
Sites claiming to deliver Flash updates actually serve malicious executables that are being hosted in a Dropbox account, according to Zscaler.
"What is interesting is that the malicious executables are actually hosted in a Dropbox account and have not been taken down since they were found about seven days ago," writes Zscaler security researcher Julien Sobrier.
Sobrier says he's found two executables being delivered so far -- FlashPlayer.sfx.exe, which is currently detected by just two of 46 anti-virus vendors, according to VirusTotal; and Videonuizle.exe, which is currently detected by only five of 46 anti-virus vendors.
Sobrier says the sites have recently seen as many as 1,700 visitors a day.
"These sites keep popping up and [they] are still able to fool users," Sobrier writes.