Fake Flash Player Targets Apple Users and WP Engine Clients
Posted by Rebecca Blake on April 05, 2017
Fake Flash Player updates which mask malware have been around since MySpace was hot; Adobe was warning the public not to download the Flash Player from sources outside their download site back in 2008. But despite the publicity, the malware-installing fake downloads persist. Currently, a fake Flash Player scam is targeting visitors and users of the popular WordPress hosting platform WP Engine by taking advantage of a common typo of the company URL.
If a web designer or WP Engine client accidentally inserts a hyphen (“wp-engine”) into the URL of their development site on WP Engine, they are immediately taken to a page with a pop-up screen warning them that their Flash Player is outdated. The screen apes legitimate warnings that appear when Flash Player truly is outdated. If the user clicks the update button, rather than being taken to the official Adobe Flash Player download page, they initiate the installation of the malware onto their computer. To confuse users who suspect something is amiss, the installer also downloads a genuine version of the Flash installer.
The irony is that WP Engine is rated one of the most secure web hosts for WordPress websites, and takes great pride in their robust security settings. (WP Engine customers needn't be concerned that the webhost has been compromised. The website is never accessed, since the malware redirects from the incorrect URL pulled up from the typo.)
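The hyphen typo described above can be caught on the defender's side by comparing hostnames from proxy or DNS logs against a short list of domains the organization relies on. This is an added example, not code from the original post; the trusted list, the sample hostnames and the function names are assumptions, and the last-two-labels split stands in for a Public Suffix List lookup.

```python
# Added example: flag hostnames that are near-misses of a trusted domain.
# TRUSTED and the sample hostnames are constructed for illustration.
TRUSTED = {"wpengine.com", "adobe.com"}


def registrable(host):
    """Naive last-two-labels split; a real tool would use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(host):
    """Return (verdict, matched_trusted_domain) for one hostname."""
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    name, _, tld = domain.partition(".")
    for good in sorted(TRUSTED):
        good_name, _, good_tld = good.partition(".")
        if tld != good_tld:
            continue
        # Hyphen insertion is the typo described in the article.
        if name.replace("-", "") == good_name:
            return ("lookalike-hyphen", good)
        if edit_distance(name, good_name) == 1:
            return ("lookalike-edit1", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed hostnames, e.g. pulled from a proxy or DNS log.
    for h in ["mysite.wpengine.com", "mysite.wp-engine.com",
              "wpengin.com", "get.adobe.com", "example.org"]:
        print(h, classify(h))
```

A "lookalike" verdict is a prompt for review or a block-list candidate, not proof of malice; the check only compares names under the same top-level domain.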
The particular brand of malware installed is appropriately named scareware. The infected computer is overrun with pop-up ads warning of an infection and prompting the user to install malware masquerading as anti-virus software. Going into the Applications folder and deleting the fake Flash download appears to solve the problem. However, once the computer restarts, the pop-up screens appear again, and the fake Flash installer reappears in the downloads folder. Doing a reinstall of the browser prevents subsequent appearances of the pop-up windows, but the malware will reside in the system until an antivirus program such as Malwarebytes Anti-Malware is run.
The Intego Mac Security Blog ran a comprehensive article on fake Flash update scareware last year. According to Graham Cluley of Intego, the scareware manipulates the computer user's fear of infected computers to trick them into downloading the fake Flash Player. Johannes Ullrich of SANS Institute reported that the scareware installer took advantage of a valid Apple developer certificate. That permitted the malware to bypass recent OS X defenses which permit only programs downloaded from the official App Store or identified developers to be downloaded. (Ullrich pulled together an informative video which shows what happened when he downloaded the fake Flash player.)
Downloading the Flash Player from only the official Adobe website is common sense, and websites which legitimately ask users to update their version of Flash will direct users to this page. The fake Flash Player download continues to be used by scammers. This February, Intego reported that a fake Flash Player is being used to install a sloppy new malware, “MacDownloader.” MacDownloader attempts to steal the user's keychain information – passwords, usernames, PINs, etc. – by tricking the user into believing adware software needs to be removed from their system. Although the malware was so poorly designed as to pose little risk, chances are the developers will release an updated version. If a user suspects their version of Flash may be outdated, they should check the status via their System Preferences or, better yet, permit Adobe to automatically update the program.
As for WP Engine customers: just be sure to not include a hyphen in the domain when you're typing in the URL for your development platform. If you forget, and that persistent “Flash Player outdated” screen appears, simply quit out of your browser. If you haven't downloaded anything, chances are you’re fine. (You can always run your anti-malware software just to be sure.)
If you accidentally type “wp-engine” into your address bar, you’re taken to a deceptively official-looking Flash update screen. Note the URL is dllmacfiles, not the Adobe Flash download site. The intercept is quite aggressive; a persistent popover window prompts you to install the fake Adobe Flash Player. The fake download screen even includes reassuring verbiage telling you that dllmac is distributing an “install manager.”
If you click “cancel,” a popover window asks you if you’re sure you want to leave the page. Clicking “Leave Page” averts any problems.
Adobe Design Achievement Awards Student Competition is Open
Posted by Rebecca Blake on March 15, 2017
The annual Adobe Design Achievement Awards global student competition is again open. Students 18 years and older, and registered (or recent graduates from) accredited institutions of higher education, are encouraged to submit their existing student work. Students can enter up to three unique projects in the broad categories of Fine Arts, Commercial, and Social Impact. The breadth of subcategories covers the range of disciplines studied by visual arts students, from photography, illustration, and package and graphic design, to animation/motion design and video editing and production, to web, app, and game design. This year, students working in virtual or augmented reality, 360-degree technology, and other new media will be considered for an “Excellence in New Media” Special Designation.
As in previous years, all entrants will receive a subscription to 99U career tips, will have their entries reviewed by the international panel of judges, and can choose to be considered for a mentorship with a creative professional, coordinated through ADAA partner ico-D. The full complement of prizes supports the ADAA’s mission of “Launching Student Careers,” and includes participation in Adobe Bootcamps, meetings with industry leaders, creative residencies, and subscriptions to Creative Cloud.
There is no charge for entering the competition, and submissions are accepted through June 12th. Students who submit work by May 2nd will have their work considered for early bird semifinalist. Entries can be viewed in real time on the ADAA website as they are uploaded. Students who want to see what their peers are entering can visit the “Entries” page and filter by category, region, country, school, and (once judging begins) status.
Elevating “Real” News Through Web Typography
Posted by Rebecca Blake on February 06, 2017
During the Poynter Digital Design Challenge, five designers addressed the leading challenge facing news organizations and their consumers: the prevalence and seeming authority of fake news. Each design brought a unique perspective and solution, from a reader-controlled interface, to an app with customizable news and ad streams, to integrated video and virtual reality experiences. Jeffrey Zeldman, however, went after what he described as low-hanging fruit: the website typography.
In his article on TrackChanges, “Authoritative, Readable, Branded: Report from the Poynter Design Challenge, Part 2,” Zeldman advocates for a “clean, uncluttered, authoritative branded page” driven by typography. He points out that any news publication, no matter how cash-strapped, can invest in better typography. To that end, Zeldman has posted a sample reader layout and style guide.
The Challenge brought together Mike Swarz (Upstatement), Lucia Locava (Locava Design Inc.), Jared Cocken (STYLISH.co), Kat Downs Mulder (The Washington Post), and Jeffrey Zeldman (A List Apart) last October to discuss the issues with online news media during a two-day conference at Columbia. The designers reconvened in January for part two of the Challenge, at which they presented their proposals. In intervening months, the role played by fake news in influencing voters had become a hot topic. It’s a problem Zeldman thinks can in part be addressed through clean, authoritative, branded design: “Authoritative because this isn’t fake news. Branded because the source matters.”
You can read Zeldman’s article on TrackChanges, as well as an earlier article summarizing his co-presenters’ work. The entire Poynter Design Challenge discussions from October and January can be viewed online on fora.tv.
Right: Zeldman's Style Guide from the Poynter Digital Design Challenge, based on a Typecast template from John Martins.
DesignCensus: Respond to AIGA’s Comprehensive Survey of the Design Sector by December 16
Posted by Rebecca Blake on November 30, 2016
Google and AIGA have collaborated on Design Census, a survey to map the educational level, lifestyle, and work habits of designers around the world. International design organizations ico-D, iDSA, and IxDA are supporting partners, as well as SEGD and the National Endowment of the Arts (among others) in the US. The survey is an extension of AIGA’s design survey, and was devised to understand “the complex economic, social, and cultural factors shaping the design practice today.” The survey will be open from December 1-16, and preliminary results will be published shortly afterwards. Designers are encouraged to respond by December 16.
In an attempt to ensure respondents take the survey only once, survey takers must log in with either a Twitter, Google, or AIGA account (all of which are one-way encrypted). The survey responses, though, are entirely anonymous. As a way to encourage engagement with the survey, AIGA is encouraging people to respond to the survey results by creating any content – website, image, poster, animation – which expresses their website, and post it with #designcensus2016.
Illustrator and Lawyer Collaborate on Law & Artist Videos to Inform Graphic Artists
Posted by Rebecca Blake on November 08, 2016
In a bi-coastal collaboration that benefits artists, illustrator Mark Monlux (Seattle) and attorney Daniel Abraham (New York) have been producing Law & Artist, a library of videos on legal issues of interest to illustrators and designers. The videos are short, ranging from three to 12 minutes in length. Notably, they tackle some thornier areas of confusion, or bring to light considerations which are often overlooked. The information is peppered with examples pulled from case law.
For example, in an episode on derivative art, Monlux and Abraham use Shepard Fairey’s copyright infringement in his HOPE image as an object lesson. A two-part series on fair use goes into greater detail on parody and satire, and which is permitted under fair use. (News flash: parody and satire are NOT synonymous.) And an episode on attorneys’ fees delves into how those can be leveraged into any settlement an artist might get in a lawsuit. Monlux and Abraham consistently add to the series, permitting them to delve into the finer details on a number of thornier issues for artists.
Monlux and Abraham are a well-qualified team to advise artists. Mark Monlux is a cartoonist and illustrator, as well as an artist advocate. For many years, he served on the Guild’s national board, and he’s produced articles, videos, and animations educating designers and illustrators on legal issues. Daniel Abraham began his professional life as a professional illustrator before studying law. As a copyright attorney, he primarily represents creators. He publishes the blog Legal Easel, and has run seminars for the Graphic Artists Guild of New York.
Below: Off to a good start! The first installation in Law & Artist cautions visual artists to get the terms of their agreements in writing.