According to Mischel Internet Security, there’s a new Trojan going around. Detected as TrojanClicker.VB.395 by TrojanHunter, it pretends to be an update for Adobe Flash. When run, it goes through the motions of updating the Flash player, and most users will think nothing of it. They suspect the installer for this spreads via forum posts that use JavaScript to link to the malware.

What the article fails to say is what domain is distributing this malware and how many other AV vendors are picking this up. I did a little digging through the sample collection and came across the following URL which fits the description.

hxxp://adobeupdateserver.com/download/AdobeUpdate.exe

DNS Information
Name: adobeupdateserver.com
Address: 216.146.130.104

Very Low detection by AV vendors at the time of this posting (6/41).

Virus Total Results for AdobeUpdate.exe
Threat Expert Report for AdobeUpdate.exe

They do mention how you can tell if you have fallen victim to this clever scheme.

Look for the following

– A Firefox plugin named “Adobe Flash Player 0.2″
– Having recently installed a file called install_flash_player.exe or Install_Flash.exe from an unknown source