Hi there! Just a short post on a publisher called NEXT-POINT (OOO Next-Point). I just found a download named adobe_flash_setup.exe that was digitally signed by this publisher, and it turns out that it is detected by some anti-virus programs.
You can also check the digital signature under the file’s properties. According to the certificate we can see that NEXT-POINT (OOO Next-Point) seems to be located in Moscow, Russia and that the certificate is issued by COMODO RSA Code Signing CA.
The problem is that adobe_flash_setup.exe is not an official Adobe Flash Player download. If it were, it would have been digitally signed by Adobe Systems Incorporated. Here’s what the authentic Adobe Flash Player looks like when you double-click on it. Notice that the “Verified publisher” says “Adobe Systems Incorporated”.
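The same publisher check can be scripted instead of read off the properties dialog. The following PowerShell is an added example, not part of the original post; the function name `Test-ExpectedPublisher` and the Downloads path are assumptions made for illustration. It reports a file as matching only when the signature validates and the signer's name equals the publisher the download claims to come from, since a signature can validate and still belong to a different publisher.

```powershell
# Added example: compare a file's Authenticode signer with the expected publisher.
# Test-ExpectedPublisher and the path used at the bottom are hypothetical.
function Test-ExpectedPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # Unsigned files carry no signer certificate at all.
    if ($null -eq $cert) {
        return [pscustomobject]@{
            Path      = $Path
            Status    = $sig.Status
            Publisher = $null
            Issuer    = $null
            Matches   = $false
        }
    }

    # GetNameInfo(SimpleName, $false) gives the subject's display name,
    # the same string Windows shows as the publisher; $true gives the issuer's.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $cert.GetNameInfo($nameType, $false)
    $issuer    = $cert.GetNameInfo($nameType, $true)

    [pscustomobject]@{
        Path      = $Path
        Status    = $sig.Status
        Publisher = $publisher
        Issuer    = $issuer
        # Both conditions are required: a valid signature from the wrong
        # publisher is still the wrong publisher.
        Matches   = ($sig.Status -eq 'Valid') -and ($publisher -eq $ExpectedPublisher)
    }
}

# Constructed usage: a download that claims to be Adobe Flash Player.
Test-ExpectedPublisher -Path "$env:USERPROFILE\Downloads\adobe_flash_setup.exe" `
    -ExpectedPublisher 'Adobe Systems Incorporated'
```

For the file described in this post, `Publisher` would show the NEXT-POINT name rather than Adobe Systems Incorporated, so `Matches` is `False` regardless of the signature status.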
The current detection rate is 4/57, that is 7%. Avira reports adobe_flash_setup.exe as Adware/InstallCore.A.499, ESET-NOD32 detects it as a variant of Win32/InstallCore.XP potentially unwanted and K7AntiVirus reports Trojan ( 004b75ec1 ).
When I tested the NEXT-POINT (OOO Next-Point) file it installed StormFall and MyPC backup on some product from Symantec. Don’t remember the name. Perhaps it was Norton 360.
Did you also find a file signed by NEXT-POINT (OOO Next-Point)? What kind of download was it and where did you find it?
Hope this blog post helped you avoid some unwanted software on your machine.
Thanks for reading.
Followed a search result link to http://okay.so/en/list/gm+transmission/0/ and it popped up a window saying “Please install Flash Player HD” that looked a lot like an Adobe Flash update window that we have all seen many times. That box will send you adobe_flash_update.exe, which, once downloaded, will show you NEXT-POINT(000 Next-Point) if you check properties/digital signatures. It also gives an email address info@nextpoint-ru.com. The web site for nextpoint-ru.com has no obvious connection to Adobe Flash updates. Suggest no one actually try to install this file. If under properties it says the file is blocked, delete the file and never go to that site again.
The site that is sending the actual file is 24check.videoupdatelive.com.