
Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  1. #34
    Adviser Team AplusWebMaster
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Fake 'Flash Update'

    FYI...

    Fake 'Flash Update' - malware
    - https://myonlinesecurity.co.uk/fake-...mate-websites/
    31 May 2017 - "... I was reading a page on my local newspaper... got a divert and a big red warning:
    > https://myonlinesecurity.co.uk/wp-co...fake-flash.png
    ... the page I was diverted to (a -fake- flash player update page) is
    https ://izaiye-interactive .net/6141452444727/01296f4851adb85de3a1ad2335c429c8/52ebc0f94a7674f6db533556c202e52f.html
    ... They are using an SSL prefix HTTPS but there is -no- padlock in the URL to confirm this. An HTA file is automatically downloaded (or attempted to be) (VirusTotal 6/55*) (Payload Security**) - if allowed to run unfettered this HTA file would download and autorun:
    https ://izaiye-interactive .net/6141452444727/1496218715917605/FlashPlayer.jse
    (VirusTotal [3]) (Payload Security[4])... similar attack recently documented:
    > https://myonlinesecurity.co.uk/fake-...on-legit-site/
    9 Apr 2017
    ...izaiye-interactive .net was registered yesterday on 30 May 2017 using what are obviously -fake- registrant details via PUBLICDOMAINREGISTRY .COM and hosted on 206.221.189.43 reliablesite .net ..."
    * https://www.virustotal.com/en/file/4...is/1496218758/
    FlashPlayer.hta

    ** https://www.hybrid-analysis.com/samp...ironmentId=100
    Contacted Hosts
    206.221.189.43

    [3] https://www.virustotal.com/en/file/d...is/1496219889/
    FlashPlayer.jse

    [4] https://www.hybrid-analysis.com/samp...ironmentId=100
    Contacted Hosts


    izaiye-interactive .net: Could not find an IP address for this domain name. (May have been taken down.)

    206.221.189.43: https://www.virustotal.com/en/ip-add...3/information/
    > https://www.virustotal.com/en/url/77...607d/analysis/

    > https://www.virustotal.com/en/url/66...4594/analysis/

    Last edited by AplusWebMaster; 2017-05-31 at 14:51.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
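A detection sketch for the chain described in the post above (a landing page that pushes an .hta file, which then fetches a .jse from a domain registered the day before). This is an added example, not part of the original post or the quoted article; the log line format, the WHOIS lookup table, the 30-day threshold and all hostnames are constructed assumptions.

```python
from datetime import date, datetime
from urllib.parse import urlsplit
import posixpath

# Script-host file types that Windows runs outside the browser
# (mshta.exe for .hta, wscript.exe for .jse and its relatives).
SCRIPT_EXTS = {".hta", ".jse", ".js", ".vbs", ".vbe", ".wsf"}
MAX_DOMAIN_AGE_DAYS = 30  # assumed threshold for "newly registered"

def parse_line(line):
    """Split one constructed log line: '<ISO time> <client> <method> <url>'."""
    ts, client, method, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), client, method, url.strip()

def find_script_downloads(lines, registered):
    """Return alerts for script-host downloads from recently registered domains.

    `registered` maps host -> registration date (hypothetical WHOIS feed);
    hosts missing from the map are treated as unknown and skipped.
    """
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, client, _method, url = parse_line(line)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        ext = posixpath.splitext(parts.path)[1].lower()
        if ext not in SCRIPT_EXTS or host not in registered:
            continue
        age = (ts.date() - registered[host]).days
        if 0 <= age <= MAX_DOMAIN_AGE_DAYS:
            alerts.append({"client": client, "host": host,
                           "file": posixpath.basename(parts.path),
                           "domain_age_days": age})
    return alerts

# Constructed sample data (placeholder hosts under .test, not real indicators).
SAMPLE_LOG = """\
2017-05-31T09:14:02 10.0.0.21 GET https://news.example.test/local/story.html
2017-05-31T09:14:05 10.0.0.21 GET https://flash-update.example.test/a1/b2/landing.html
2017-05-31T09:14:06 10.0.0.21 GET https://flash-update.example.test/a1/FlashPlayer.hta
2017-05-31T09:14:09 10.0.0.21 GET https://flash-update.example.test/a1/c3/FlashPlayer.jse
2017-05-31T09:20:44 10.0.0.35 GET https://intranet.example.test/tools/inventory.vbs
""".splitlines()
SAMPLE_WHOIS = {"flash-update.example.test": date(2017, 5, 30),
                "news.example.test": date(2003, 2, 11),
                "intranet.example.test": date(2009, 8, 1)}

if __name__ == "__main__":
    for alert in find_script_downloads(SAMPLE_LOG, SAMPLE_WHOIS):
        print(alert)
```

The long-established intranet host serving a .vbs file is not flagged, which shows why the domain-age condition is paired with the file-type condition rather than alerting on extension alone.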
