Wednesday, July 28, 2010

Fake Firefox Update Page Pushes Fake Flash Update

F-Secure has posted details of a fake Firefox "Just Updated" page which pushes users to install a phony update to Firefox and Flash that actually contains malware. In their recent post Rogue AV Masquerades as a Firefox/Flash Update F-Secure provides details of how the page works.

For starters lets explain what the page is, You know that page that instantaneously appears right after you install that recent update to your Firefox browser? And you open Firefox for the first time? Well this page looks almost identical to one of those.

Image courtesy F-Secure

Once a user is on the page there is a message box that suggests you not only update to the "latest and greatest version" of Firefox but also a message warning you that your Flash player is outdated and needs to be updated. Without clicking anything a download dialog box appears offering a fake file titled "ff-update.exe". Unsuspecting users that save and run the fill will find themselves infected with a rogue antivirus product named "SecurityTool" which starts finding threats which aren't there and demanding payment in order to remove them.

The files the "SecurityTool" software detects are an old virus, Virus.DOS.Glew.4245 and several trojans, worms and other vulnerabilities. Of course these aren't actually present, unless that is the software adds them. The name and URL of the site are obscured to we have no way of knowing how well the spoof was done but F-Secure says their software already detects this particular threat and has blocked the web site from which it spreads.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you