Fake Firefox update delivers malware, exploit kits

Stephanie Wright, Contributor

Malware researchers at GFI Labs have identified a website being used to trick Firefox users into updating their browser. The phony site is being used as a launch pad for malware.

Researchers have discovered a website tricking users into downloading a fake Firefox update. The site conducts a phony security scan and prompts the victim to install malware on their machine.

The site, which has been shut down, contained a Mozilla Firefox logo and a malicious executable file. Visitors to the site were greeted with a fake scan, a technique commonly used to push rogue antivirus software. After the bogus scan, the site suggested that users update their browser in order to be better protected from “different Internet dangers.”

The user was prompted to download the executable file, which GFI detected as Trojan.Win32.Generic!BT. Once installed, the malware opens new browser windows or tabs that lead to different survey pages.

“Based on multiple tests, minutes after the said pages load, this executable connects to various websites to download and install random programs, some of which may be legitimate,” said Jovi Umawing of GFI in the company’s blog. GFI Labs also identified several other websites running similar scams.

The technique, while not as widely used as fake antivirus or phishing, is not new.

A similar phony browser update scam was detected by Symantec in 2010. In that attack, according to Symantec, a dialogue box apparently forced Firefox and Chrome update notification windows to pop up. Once downloaded, the executable looked like a variation of Security Tool, a scareware application that displays exaggerated pop-ups.

“If more savvy users don’t download the misleading application executable, then these websites will redirect users to a website that, in turn, further redirects to a malicious website that is hosting the infamous Phoenix exploit kit,” wrote Symantec researcher Parveen Vashishtha.

Phoenix, which is heavily protected against detection by antivirus software, exploits vulnerabilities in Web browsers to deliver additional malware into the system.

Attackers have also attempted to trick users into installing bogus Microsoft security updates.
