Author Topic: Fake Firefox update in the wild

Offline techie

Fake Firefox update in the wild
« on: March 04, 2017, 07:08:21 PM »
This has probably been discussed before, but this fake update is still running in the wild.

Most here know to never accept an unknown source popup and/or download. I was leaving a legitimate site when it popped up.

These malware (malvertising) fake notices get triggered by code contained in ads that are displayed on otherwise legitimate websites you are visiting.

The full article is located here:

https://support.mozilla.org/t5/Problems-with-add-ons-plugins-or/I-found-a-fake-Firefox-update/ta-p/37696

P.S. This averted the Firefox popup, uBlock, firewall and anti-virus. I downloaded it on a test machine and didn't install it, then scanned the file with numerous anti-virus programs, and they all failed to detect it as malware.


Offline pastywhitegurl

Re: Fake Firefox update in the wild
« Reply #1 on: March 05, 2017, 11:52:45 PM »
That is kind of scary that malware was not identified in the download by a scan. I've always trusted MalwareBytes to find any problems if I felt a download file was the least bit suspect.

Offline techie

Re: Fake Firefox update in the wild
« Reply #2 on: March 06, 2017, 12:19:18 PM »
It's because it is a JavaScript file, which is harder to detect, i.e. a number of ransomware source codes are JavaScript-based, which is why they're harder to detect.

Some info on JavaScript, and as you can see it can be delivered or used many ways.

https://nakedsecurity.sophos.com/2016/04/26/ransomware-in-your-inbox-the-rise-of-malicious-javascript-attachments/


Offline pastywhitegurl

Re: Fake Firefox update in the wild
« Reply #3 on: March 06, 2017, 09:21:22 PM »
Thanks for that. I added the suggestions on .js file handling for Windows. Every little layer of protection can help.

Online satrow

Re: Fake Firefox update in the wild
« Reply #4 on: March 06, 2017, 10:20:51 PM »
I use a little program called Script Defender to intercept certain potentially dangerous file types, it flags up a warning when the following file types are called: .VBS, .VBE, .JS, .JSE, .HTA, .WSF, .WSH, .SHS, .SHB, allowing you to allow script execution (when you know the file is safe) or to abort it (when you're unsure): http://www.analogx.com/contents/download/System/sdefend/Freeware.htm

It's not been updated for some time but I'd be surprised if it doesn't work on the latest W10, it worked on 1511 when I tested it out ~ a year ago.
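
Added example, not part of the thread and not Script Defender's code: a small Python check that walks a folder and flags files whose final extension is one of the script types listed in the post above, noting when a decoy extension sits in front of it. The `DECOY_EXTS` set, the function names and the default `Downloads` folder are assumptions made for this illustration.

```python
from pathlib import Path

# Script file types named in the post above.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".hta", ".wsf", ".wsh", ".shs", ".shb"}
# Assumption: extensions that make a script look like another kind of file
# when Explorer hides the real (last) extension.
DECOY_EXTS = {".exe", ".pdf", ".doc", ".docx", ".zip", ".jpg", ".txt"}


def classify(name):
    """Return None for an uninteresting name, else a dict saying why it is flagged."""
    # Windows drops trailing dots and spaces when it resolves a file name,
    # so compare against the name as Windows would see it.
    cleaned = name.rstrip(". ")
    suffixes = [s.lower() for s in Path(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return None
    decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
    return {"name": name, "ext": suffixes[-1], "double_extension": decoy}


def scan(folder):
    """Walk folder recursively and return one finding per flagged file."""
    findings = []
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file():
            hit = classify(path.name)
            if hit:
                hit["path"] = str(path)
                findings.append(hit)
    return findings


if __name__ == "__main__":
    import sys
    # Assumption: the user's Downloads folder is the default place to look.
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Downloads"
    for f in scan(target):
        note = " (decoy extension in front)" if f["double_extension"] else ""
        print(f"{f['ext']:5} {f['path']}{note}")
```

A flagged file is only a candidate for a closer look; the check reads names, not contents.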

Offline Zootopia3000

Re: Fake Firefox update in the wild
« Reply #5 on: March 20, 2017, 02:27:22 AM »
Had this happen to me just today while at eBay, small window for firefoxpatch.exe. Just closed it. This has happened to me before in the past with FF browser, but it's been about two years now since it last happened.

Offline Corrine

Re: Fake Firefox update in the wild
« Reply #6 on: March 20, 2017, 02:37:10 PM »
The important thing is that you recognized it for what it was. Unfortunately, less experienced people fall for those fakes as well as the "Microsoft Tech" phone calls.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.