Home » New Updates » Are you aware of Adobe Flash Error (worm) in Wi-fi?

This morning pc users had numerous workstations pop up with an Adobe Flash error.  The browser will be taken over by an Adobe Flash Critical Update Required page and won’t let the browser go to any other internet site.  Within the page, a box will pop up that says:  “Attention!  Your current version of Adobe Flash Player is outdated!  Your computer is vulnerable to malware now.  Update your Adobe Flash player now.”

This message pops up on IE Explorer version 9-11, Google Chrome and Firefox and the operating systems are Windows XP Pro and Windows 7 pro.  It has all the behavior of a virus or malware so I don’t want to run its download file which is named install_flashplayer_12_x32_64_msaa_aax_latest.exe.

Adobe Flash ErrorUser has been able to download both flash player installs from the Adobe.com site for both IE and Other Browsers.  Sometimes user has been able to run the installs and it shows that the download and install run okay with Adobe Flash Player 12 ActiveX showing up in the installed programs list.  Other times, the install won’t run and the install file mysteriously gets deleted.  Even after the successful download and install, the browser works briefly okay and then gets seized by the “Critical Update Required” page again.

The worm will connect first to port 8080, and if necessary using SSL, to request the “/HNAP1/” URL. This will return an XML formatted list of router features and firmware versions. The worm appears to extract the router hardware version and the firmware revision. The relevant lines are:

<ModelName>E2500</ModelName>

<FirmwareVersion>1.0.07 build 1</FirmwareVersion>

 

(this is a sample from an E2500 router running firmware version 1.0.07 build 1)

Next, the worm will send an exploit to a vulnerable CGI script running on these routers. The request does not require authentication. The worm sends random “admin” credentials but they are not checked by the script. Linksys (Belkin) is aware of this vulnerability.

Once this code runs, the infected router appears to scan for other victims. The worm includes a list of about 670 different networks (some /21, some /24). All appear to be linked to cable or DSL modem ISPs in various countries.

What to do to safe pc and router from these issues?

Our motto is to help you in keeping your computer safe. In our website of www.defencebyte.com you will get hold of the easy steps of removal of this virus from your system.

Defencebyte Speed Optimizer scans your system and router to identify issues which are obstruct in a speed, before flourish a powerful range of tools to optimize your system for better performance. Defencebyte Speed Optimizer cleanup fragmented data on your registry. Give your system a boost of speed with Defencebyte Speed Optimizer.

Stay tuned with our services. We’ll continue to keep you updated with any unique findings on the router viruses. As a closing note, users of defencebyte anti-Malware software are protected from known router virus, detected as Wi-Fi virus.