Fake Firefox update in the wild

Started by techie, March 04, 2017, 09:08:21 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

techie

March 04, 2017, 09:08:21 PM
This has probably been discussed before, but this fake update is still running in the wild.

Most here know to never accept a unknown source popup and/or download. I was leaving a legitimate site when it popped up.

This malware (malvertising) fake notices get triggered by code contained in ads that are displayed on otherwise legitimate websites you are visiting.

The full article is located here:

https://support.mozilla.org/t5/Problems-with-add-ons-plugins-or/I-found-a-fake-Firefox-update/ta-p/37696

P.S.  This adverted the Firefox popup, Ublock, firewall and anti-virus. I downloaded it on a test machine, and didn't install. then scanned the file with numerous anti-virus programs and they all failed to detect it as Malware.

pastywhitegurl

#1
March 06, 2017, 01:52:45 AM
That is kind of scary that malware was not identified in the download by a scan.  I've always trusted MalwareBytes to find any problems  if I felt a download file was the least bit suspect.

techie

#2
March 06, 2017, 02:19:18 PM
It's because it is a Java Script file, which is harder to detect. i.e. a number of Ransomware source codes are java script based, which is why there harder to detect.

Some info on Java Script and as you can see it can be delivered  or used many ways.

https://nakedsecurity.sophos.com/2016/04/26/ransomware-in-your-inbox-the-rise-of-malicious-javascript-attachments/

pastywhitegurl

#3
March 06, 2017, 11:21:22 PM
Thanks for that.  I added the suggestions on .js  file handling for windows.  Every little layer of protection can help.

satrow

#4
March 07, 2017, 12:20:51 AM
I use a little program called Script Defender to intercept certain potentially dangerous file types, it flags up a warning when the following file types are called: .VBS, .VBE, .JS, .JSE, .HTA, .WSF, .WSH, .SHS, .SHB, allowing you to allow script execution (when you know the file is safe) or to abort it (when you're unsure): http://www.analogx.com/contents/download/System/sdefend/Freeware.htm

It's not been updated for some time but I'd be surprised if it doesn't work on the latest W10, it worked on 1511 when I tested it out ~ a year ago.

Zootopia3000

#5
March 20, 2017, 03:27:22 AM
Had this happen to me just today while at eBay, small window for firefoxpatch.exe. Just closed it. This has happened to me before in the past with FF browser, but it's been about two years now since last happened.

Corrine

#6
March 20, 2017, 03:37:10 PM
The important thing is that you recognized it for what it was.  Unfortunately, lesser experienced people fall for those fakes as well as the "Microsoft Tech" phone calls. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Print
Go Up Pages1
User actions