Fake Flash Player Targets Apple Users and WP Engine Clients
Posted by Rebecca Blake on April 05, 2017
Fake Flash Player updates which mask malware have been around since MySpace was hot; Adobe was warning the public not to download the Flash Player from sources outside their download site back in 2008. But despite the publicity, the malware-installing fake downloads persist. Currently, a fake Flash Player scam is targeting visitors and users of the popular WordPress hosting platform WP Engine by taking advantage a common typo of the company URL.
If a webdesigner or WPEngine client accidentally inserts an hyphen (“wp-engine”) into the URL of their development site on WP Engine, they are immediately taken to a page with a pop-up screen warning them that their Flash Player is outdated. The screen apes legitimate warnings that appear when Flash Player truly is outdated. If the user clicks onto the update button, rather than being taken to the official Adobe Flash Player download page, they’ve initiated the installation of the malware onto their computers. To confuse users who suspect something is amiss, the installer also downloads a genuine version of the Flash installer.
The irony is that WPEngine is rated one of the most secure web hosts for WordPress websites, and takes great pride in their robust security settings. (WP Engine customers needn't be concerned that the webhost has been compromised. The website is never accessed, since the malware redirects from the incorrect URL pulled up from the typo.)
The particular brand of malware installed is appropriately named scareware. The infected computer is overrun with pop-up ads warning of an infection and prompting the user to install malware masquerading as anti-virus software. Going into the Applications folder and deleting the fake Flash download appears to solve the problem. However, once the computer restarts, the pop-up screens appear again, and the fake Flash installer reappears in the downloads folder. Doing a reinstall of the browser prevents subsequent appearances of the pop-up windows, but the malware will reside in the system until an antivirus program such as Malwarebytes Anti-Malware is run.
The Intego Mac Security Blog ran a comprehensive article on fake Flash update scareware last year. According to Graham Cluley of Intego, the scareware manipulates the computer users fear of infected computers to trick them into downloading the fake Flash Player. Johannes Ullrich of SANS Institute reported that the scareware installer took advantage of a valid Apple developer certificate. That permitted the malware to bypass recent OS X defenses which permit only programs downloaded from the official App store or identified developers to be downloaded. (Ullrich pulled together an informative video which shows what happened when he downloaded the fake Flash player.)
Downloading the Flash Player from only the official Adobe website is common sense, and websites which ask users to legitimately update their version of Flash will direct users to this page. The fake Flash Player download continues to be used by scammers. This February, Intego reported that a fake Flash Player is being used to install a sloppy new malware, “MadDownloader.” MacDownloader attempts to steal the users keychain information – passwords, usernames, PINs, etc. – by tricking the user into believing adware software needs to be removed from their system. Although the malware was so poorly designed as to pose little risk, chances are the developers will release an updated version. If a user suspects their version of Flash may be updated, they should check the status via their Systems Preferences or, better yet, permit Adobe to automatically update the program.
As for WP Engine customers: just be sure to not include a hyphen in the domain when you're typing in the URL for your development platform. If you forget,and that persistent “Flash Player outdated" screen appears, simply quit out of your browser. If. you haven't downloaded anything, chances are you’re fine. (You can always run your anti-malware software just to be sure.)
If you accidentally type “wp-engine” into your address bar, you’re taken to a deceptively official-looking Flash update screen.. Note the URL is dllmacfiles, not the Adobe Flash download site. The intercept is quite aggressive; a persistent popover window prompts you to install the fake Adobe Flash Player. The fake download screen even includes reassuring verbiage telling you that dllmac is distributing an “install manager.”
If you click “cancel,” a popover window asks you if you’re sure you want to leave the page. Clicking "Leave Page” averts any problems.
International Women’s Day Yields Treasure Troves of Work by Women
Posted by Rebecca Blake on March 13, 2017
Perhaps because of the increased coverage of women’s issues (and the political movements spearheaded by women), International Women’s Day was marked by a number of blogs and websites with comprehensive reviews of work by women visual artists: designers, illustrators, cartoonists, and others. Three in particular stood out: the UK media platform It’s Nice That, the publication Creative Review (also out of the UK), and the Cartoonist Alliance.
It’s Nice That introduced their offering with a splash. An exuberant illustration by artist Kate Prior (upraised fists hoisting an IWD banner) festoons the top of the page. The illustration celebrates the act of protest, and references the suffragette movement. Below, It’s Nice That showcases 18 articles they solicited from women contributors: illustrators, photographers, designers, and artists. There is even an article on Deep Throat Choir, a group of 35 all-female singers that transforms the work of well-known artists such as Bjork into multi-layered, intricate interpretations. The collection of articles doesn’t shy away from controversial topics. For example, in response to the fetishization of her compatriots, Brazilian photographer June Canedo asserts, “Women of colour need to be the ones photographing other women of colour.” In another article, Muslim American artist Amna Asghar asks “What if Warhol were Pakastani?,” exploring her own identity through a series of montages of popular culture images and brightly painted panels.
Rather than soliciting articles specifically for IWD 2017, Creative Review chose to curate a collection of articles that have appeared in the publication throughout the years. Dedicated readers will recognize some past gems, such as “Women + Laughing + Alone + With Salad,” a delicious take-down of cheesy microstock photography from 2011. The curated articles cover a range of topics, from typography (sexist emoji), to fashion (older women appearing in fashion ads) to workplace and leadership (retaining working mothers in the creative industries). Creative Review has also curated a selection of Works, projects submitted to the publication for review. One favorite is Woman Interrupted, an app created by Brazilian firm BETC, which monitors the user’s conversation and calculates how often the she is interrupted by a man’s voice.
The Cartoonist Alliance article was originally published in 2015 and promoted for IWD2018. “What’s The Best Comic About Women By Women?” is less comprehensive than the previous posts, and covers only seven women graphic novelists selected by CA staff as their favorites. Having said that, the collection is interesting and somewhat surprising. While Marjane Sartrapi’s Persepolis has a well-deserved place on the list, Sailor Moon by Naoko Takeuchi was unexpected. The article makes a good case for the addition though: “Sailor Moon was the game changer, the comic that effectively launched the magical girl genre. Sailor Moon isn’t just the reason why I’m here; it’s the reason why you’re here.” The only quibble with CA’s article is that it predates Errin Ferris’ tour-de-force, My Favorite Thing is Monsters (an aching story beautifully illustrated in ball-point-pen) wasn’t included.
But there’s always next year. We’ll be stalking these three websites to see what they conjure up for IWD 2018.
Free Art Licensing Q&A with J’net Smith, December 14
Posted by Rebecca Blake on November 29, 2016
J’net Smith of All Art Licensing is running her free Q&A on art licensing on December 14th. The session is open to designers, illustrators, cartoonists, and surface designers. Registrants can submit their questions in advance, and Smith typically covers 15-25 questions in each session. Because of the popularity of the sessions, participants are encouraged to register early to get their questions in the queue. Participants will also receive a free copy of Smith’s ebook, 20 Rules for Starting Your Art Licensing Business.
J’net Smith has contributed frequently to Guild resources. Most recently, she conducted a Guild webinar, “The New Art Licensing: Beyond the Basics,” which was well received this fall. She also extends a discount to Guild members on her licensing products and services. Currently, that discount is 25% off on all products and services, available for Guild members only through December 31st.
Update on Freelance Isn’t Free: NYC Mayor Signs Bill into Law
Posted by Advocacy Liaison on November 18, 2016
In a bright ending to a tough year, Mayor Bill DiBlasio of New York City signed the Freelance Isn’t Free Act into law on November 16. The law is the first of its kind in the nation, providing legal recourse for freelancers to pursue clients for non-payment. The law requires that employers supply freelancers with a contract for projects with a value greater than $800, and pay freelancers within 30 days of the submission of an invoice. The law also prohibits clients from extending an offer of payment lower than the agreed-upon fee. The law will go into effect in May of 2017.
The Freelancers Union is advocating to bring the law to other cities. Freelancers and their supporters are invited to sign the Union’s petition to bring the act nationwide. The Guild is a proud supporter of the Freelance Isn't Free initiative.
Illustrator and Lawyer Collaborate on Law & Artist Videos to Inform Graphic Artists
Posted by Rebecca Blake on November 08, 2016
In a bi-coastal collaboration that benefits artists, illustrator Mark Monlux (Seattle) and attorney Daniel Abraham (New York) have been producing Law & Artist, a library of videos on legal issues of interest to illustrators and designers. The videos are short, ranging from three to 12 minutes in length. Notably, they tackle some thornier areas of confusion, or bring to light considerations which are often overlooked. The information is peppered with examples pulled from case law.
For example, in an episode on derivative art, Monlux and Abraham use Shephard Fairey’s copyright infringement in his HOPE image as an object lesson. A two-part series on fair use goes into greater detail on parody and satire, and which is permitted under fair use. (News flash: parody and satire are NOT synonymous.) And an episode on attorneys’ fees delves into how those can be leveraged into any settlement an artist might get in a lawsuit. Monlux and Abraham consistently add to the series, permitting them to delve into the finer details on a number of thornier issues for artists.
Monlux and Abraham are a well-qualified team to advise artists. Mark Monlux is a cartoonist and illustrator, as well as an artist advocate. For many years, he served on the Guild’s national board, and he’s produced articles, videos, and animations educating designers and illustrators on legal issues. Daniel Abraham began his professional life as a professional illustrator before studying law. As a copyright attorney, he primarily represents creators. He publishes the blog Legal Easel, and has run seminars for the Graphic Artists Guild of New York.
Below: Off to a good start! The first installation in Law & Artist cautions visual artists to get the terms of their agreements in writing.Next Page
How to Start your Very Own Communication Design Business!
Enter your email address below to receive a free PDF booklet: How to Start your Very Own Communication Design Business! written by Lara Kisielewska
Looking to keep up with industry trends and techniques?
Taking your creative career to the next level means you need to be up on a myriad of topics. And as good as your art school education may have been, chances are there are gaps in your education. The Guild’s professional monthly webinar series, Webinar Wednesdays, can help take you to the next level.
Members can join the live webinars for FREE - as part of your benefits of membership! Non-members can join the live webinars for $45.
Visit our webinar archive page, purchase the webinar of your choice for $35 and watch it any time that works for you.