Initially I thought there may be some issues with the Farm games on Facebook as I had several customers experience malware issues (pop-ups, Antivirus 2009, etc) all within a short timeframe. The common denominator seemed to be the “farm” games on Facebook.
After reading up on the recently revealed zero-day exploit in Flash, I now know that I was close to correct. It is related to a similar vulnerability in Adobe PDF docs.Estimates are that 90% of all Windows users (and that is 90% of all computer users) are vulnerable.
90% of ALL Windows computers are vulnerable.
What is Flash? Most of the animations and videos that you see on websites, including the farm game, are developed using Flash technology. I use it for my tutorials and videos as well. It is what powers all YouTube videos – except the iPhone versions. Flash itself isn’t bad – but like most things, security flaws are found and exploited.
For a couple of years, I have tried to explain to clients and friends that websites, especially social networking ones such as MySpace, are dangerous since they pull in content from 3rd party sites – think about the “pimp my profile” junk. That content cannot necessarily be trusted as you didn’t create it.
It is becoming more common-place for the “bad guys” to exploit a server that pushes content into these sites, and that content can likely exploit your computer if you have a vulnerability – and in this case 9 out of 10 people are affected, essentially everyone.
Also, I have been preaching about the attack vector of opening email attachment videos, etc, that are forwarded through 10,000 people on a list – and nobody knows who created it.
How can you trust something that you have no clue who created it? That is like opening your door to a complete stranger just because they tell you a “friend” sent them over. You are asking for trouble.
So What Can You Do?
First, make sure you have a backup. Period. If something happens to your machine, do you want to risk losing your pictures and other valuable data?
Second, realize that your ANTI-VIRUS DOES NOT HELP. That is counter to what the marketing and ads tell you, but it is true. Your favorite a/v program (Norton, Trend-Micro, McAfee, etc) are a semi-good alarm system. What does an alarm system hopefully tell you – that someone is already in the house!
Third, be quit using Internet Explorer – use FireFox. While this vulnerability affects Flash and PDF’s in Firefox too, you are crazy to continue with all the risks of Internet Explorer.
Fourth, if Adobe prompts you to upgrade your Flash player or Adobe Reader, make sure it is really an Adobe update – and do it.
Lastly, call or email me.
Oh yeah – you can always go buy a Mac. They
are aren’t affected by this.