Just to be clear
If you get the updated firefox page and it prompts you to update flash then it's a fake. Is that right?
Fake Firefox update used to sling scareware
Online con artists have developed a strain of scareware that poses as a Firefox update. The tactic is a change from the standard approach adopted by purveyors of rogue anti-virus scanners - tricking users into visiting scareware portals running fake security scans that report non-existent security problems to panic surfers into …
This topic is closed for new posts.
Re: Just to be clear
I don't think so - I got a similar update message recently after a real update, and the 'you should update flash right now' link took me to adobe's website.
@nickrw
"...the 'you should update flash right now' link took me to adobe's website."
Same here. I was shitting bricks a moment ago but am fairly certain mine did the same. So hopefully OK (but I'll be checking up on it anyway).
I had also, in comparison to the image shown in this article, recently upgraded to 3.6.8; just that minute in fact. Perhaps that's where the hackers got their idea though?
Kinell!
I had that two days ago. Too busy to install an upgrade at the time so I just shut it down.
It opened a new tab as FF upgrades do. How did it do that?
It just registered as strange rather than bogus.
Title
Sounds like your javascript and/or popup-blocker settings might want tightening up. Alternatively, add NoScript extension.
Or run Firefox under a non-Admin user account, so you'll know that *any* upgrade notice you see is bogus. As a further benefit, even if you do download and run the naughtyware, it can't hurt your system (though no promises about your documents etc.)
Comment
Firefox was reporting a site I visit regularly as an attack site, so I'd relaxed the security settings to get in. So it may have sneaked in that way.
Seen this too
I've seen it too, didn't do the update fortunately, cause i just couldn't be bothered at the time.
Seems to be some confusion
El Reg should fix the article since it's not clear.
There is a completely legitimate page that appears very similar to the one the VXers use that also informs you to upgrade Flash. However, it DOES lead to Adobe's site and goes through the regular channels to update Flash. What this fake version does is appears to give you an upgrade, but when you attempt to use the 'upgrade flash' link, it has you download a payload.
Read the F-Secure article, folks.
Also: "In related news, McAfee warned earlier this week that VXers were offering a Trojan disguised as trial versions of its VirusScan anti-virus software."
So it's going to perform like regular McAfee - slow, bloated and does no good at all?
Riddle Me This
Since Firefox itself is checking for updates, why would you EVER trust any webpage that loads and reads "you need to update" this or that?
Don't do it. Only update firefox when a trusted add-on claims a newer version of itself is available through the normal popup window, and of course if you haven't kept this in mind and are taken somewhere questionable, Look At The URL.
On a side note, this malware seems less harmful than Flash, maybe it all works out for the best.
Bottom line
Always look at the URL. Just keep glancing back up at it to make sure you're on the right site.
Also, there is a legit page that does appear when you update firefox and this is an exact copy of that. The difference is where that URL goes, so look at the status bar too.
*checks to make sure he's on el reg*
*submit*
Only ChavOS effected - i'm safe
Again - it is only Microsoft based (chav) OS's that are effected by this malware.
Morally correct OS's are fine (and Apple Os's are too) - like pretty much all malware.
Chav spellcheckers.....
Effected? Affected perhaps, as are you it would appear. Write out 100 lines of code.
Microsoft Windows only
The article failed to mention that the malware is Microsoft Windows specific.
http://img443.imageshack.us/img443/5033/ffupdateexe.jpg
This topic is closed for new posts.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- The BI Inflexion Point
Information is a right, not a privilege - VPN security - if you want it, come and get it
Attention WiFi hotspotters: You want it - The Register Guide to iSCSI
A primer on Internet SCSI, a protocol to transport SCSI commands over IP - Secure Mobile Working
Beyond the Technology - The Impact of IT Security Attitudes
Putting the pieces in place for effective security delivery - The Register guide to unified communications
A primer on the implications of unified communications for enterprise IT
