LandzDown Forum

Security => Phishing, Spam and Hoaxes => Topic started by: techie on March 04, 2017, 09:08:21 PM

Title: Fake Firefox update in the wild
Post by: techie on March 04, 2017, 09:08:21 PM
This has probably been discussed before, but this fake update is still running in the wild.

Most here know to never accept an unknown source popup and/or download. I was leaving a legitimate site when it popped up.

These malware (malvertising) fake notices get triggered by code contained in ads that are displayed on otherwise legitimate websites you are visiting.

The full article is located here:

https://support.mozilla.org/t5/Problems-with-add-ons-plugins-or/I-found-a-fake-Firefox-update/ta-p/37696

P.S. This averted the Firefox popup, uBlock, firewall and anti-virus. I downloaded it on a test machine, and didn't install, then scanned the file with numerous anti-virus programs and they all failed to detect it as malware.

Title: Re: Fake Firefox update in the wild
Post by: pastywhitegurl on March 06, 2017, 01:52:45 AM
That is kind of scary that malware was not identified in the download by a scan. I've always trusted Malwarebytes to find any problems if I felt a download file was the least bit suspect.

Title: Re: Fake Firefox update in the wild
Post by: techie on March 06, 2017, 02:19:18 PM
It's because it is a JavaScript file, which is harder to detect; i.e., a number of ransomware source codes are JavaScript based, which is why they're harder to detect.

Some info on JavaScript, and as you can see, it can be delivered or used many ways.

https://nakedsecurity.sophos.com/2016/04/26/ransomware-in-your-inbox-the-rise-of-malicious-javascript-attachments/

Title: Re: Fake Firefox update in the wild
Post by: pastywhitegurl on March 06, 2017, 11:21:22 PM
Thanks for that. I added the suggestions on .js file handling for Windows. Every little layer of protection can help.

Title: Re: Fake Firefox update in the wild
Post by: satrow on March 07, 2017, 12:20:51 AM
I use a little program called Script Defender to intercept certain potentially dangerous file types; it flags up a warning when the following file types are called: .VBS, .VBE, .JS, .JSE, .HTA, .WSF, .WSH, .SHS, .SHB, allowing you to allow script execution (when you know the file is safe) or to abort it (when you're unsure): http://www.analogx.com/contents/download/System/sdefend/Freeware.htm

It's not been updated for some time but I'd be surprised if it doesn't work on the latest W10, it worked on 1511 when I tested it out ~ a year ago.
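
A read-only check related to the two posts above on .js file handling and script interception, added here as an example; it is not part of any post in this thread and is not Script Defender's code. It reports which program Windows would launch when each of the listed file types is double-clicked, assuming the standard registry layout for file associations; `Get-OpenCommand` is a hypothetical helper name.

```powershell
# Added example: audit the double-click handler for each script type listed above.
# Get-OpenCommand is a hypothetical helper name; nothing here modifies the registry.
$extensions  = '.vbs','.vbe','.js','.jse','.hta','.wsf','.wsh','.shs','.shb'
$scriptHosts = 'wscript\.exe|cscript\.exe|mshta\.exe'   # hosts that execute script content

function Get-OpenCommand {
    param([Parameter(Mandatory)][string]$Extension)

    # A per-user "Open with" choice overrides the machine-wide association.
    $choiceKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId = (Get-ItemProperty -LiteralPath $choiceKey -ErrorAction SilentlyContinue).ProgId
    if (-not $progId) {
        $extKey = "Registry::HKEY_CLASSES_ROOT\$Extension"
        $progId = (Get-ItemProperty -LiteralPath $extKey -ErrorAction SilentlyContinue).'(default)'
    }
    if (-not $progId) { return [pscustomobject]@{ ProgId = $null; Command = $null } }

    # The default verb is named on the shell key; fall back to "open" when it is unset.
    $shellKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell"
    $verb = (Get-ItemProperty -LiteralPath $shellKey -ErrorAction SilentlyContinue).'(default)'
    if (-not $verb) { $verb = 'open' }
    $cmdKey  = "$shellKey\$verb\command"
    $command = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ ProgId = $progId; Command = $command }
}

$extensions | ForEach-Object {
    $handler = Get-OpenCommand -Extension $_
    if (-not $handler.Command) {
        $verdict = 'no command registered'
    } elseif ($handler.Command -match $scriptHosts) {
        $verdict = 'EXECUTES in a script host'
    } else {
        $verdict = 'opens in another program'
    }
    [pscustomobject]@{
        Extension = $_
        ProgId    = $handler.ProgId
        Command   = $handler.Command
        Verdict   = $verdict
    }
} | Format-Table -AutoSize -Wrap
```

Extensions reported as executing in a script host are the ones a downloaded file of that type would run from on a double-click; those reported as opening in another program (for example a text editor) would be displayed instead.
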
Title: Re: Fake Firefox update in the wild
Post by: Zootopia3000 on March 20, 2017, 03:27:22 AM
Had this happen to me just today while at eBay, small window for firefoxpatch.exe. Just closed it. This has happened to me before in the past with FF browser, but it's been about two years now since it last happened.

Title: Re: Fake Firefox update in the wild
Post by: Corrine on March 20, 2017, 03:37:10 PM
The important thing is that you recognized it for what it was. Unfortunately, less experienced people fall for those fakes as well as the "Microsoft Tech" phone calls.