Hackers have subverted warnings generated by Firefox about dangerous sites to punt fake anti-virus portals. Surfers straying onto a web page offering the "Security Tool" rogue anti-virus are offered a warning page that convincingly mimics the genuine Firefox block page. The site offers supposed updates for Mozilla's technology …
And it explains why several users here have recently managed to get rogue AV scanners installed.
How to combat this? Dunno. Tineye type reverse image search on the generated page looking for a score above a threshold match to genuine Firefox alert screens? Would that be too slow?
I just removed one from a friends computer.
She was adamant that she hadn't clicked on any dodgy links so this could explain it.
Fake Flash update pwnage.
First seen back in July? That wouldn't have been some time after Mozilla caused FF to produce a genuine screen saying that users should update their Flash plugin would it? Hmm, September 2009 apparently, so yes it would.
At the time Mozilla were bemoaning the fact that only 35% of those prompted to clicked the "download upgrade" link. Presumably they're the same ones who've been pwned since July.
That is vicious. I've always rated these sorts of scams on scale of "how likely is my father-in-law to fall for this?" test. I think this one is a "very likely". I guess I'll be getting the 'there's something wrong with my computer call' soon...
Ouch ouch ouch
He has a computer call?