Fake Firefox update in the wild

techie:
This has probably been discussed before, but this fake update is still running in the wild.

Most here know to never accept an unknown source popup and/or download. I was leaving a legitimate site when it popped up.

These malware (malvertising) fake notices get triggered by code contained in ads that are displayed on otherwise legitimate websites you are visiting.

The full article is located here:

https://support.mozilla.org/t5/Problems-with-add-ons-plugins-or/I-found-a-fake-Firefox-update/ta-p/37696

P.S. This adverted the Firefox popup, uBlock, firewall and anti-virus. I downloaded it on a test machine and didn't install it, then scanned the file with numerous anti-virus programs, and they all failed to detect it as malware.

pastywhitegurl:
That is kind of scary that malware was not identified in the download by a scan. I've always trusted MalwareBytes to find any problems if I felt a download file was the least bit suspect.

techie:
It's because it is a JavaScript file, which is harder to detect, i.e. a number of ransomware source codes are JavaScript-based, which is why they're harder to detect.

Some info on JavaScript, and as you can see it can be delivered or used many ways.

https://nakedsecurity.sophos.com/2016/04/26/ransomware-in-your-inbox-the-rise-of-malicious-javascript-attachments/

pastywhitegurl:
Thanks for that. I added the suggestions on .js file handling for Windows. Every little layer of protection can help.

satrow:
I use a little program called Script Defender to intercept certain potentially dangerous file types. It flags up a warning when the following file types are called: .VBS, .VBE, .JS, .JSE, .HTA, .WSF, .WSH, .SHS, .SHB, allowing you to allow script execution (when you know the file is safe) or to abort it (when you're unsure): http://www.analogx.com/contents/download/System/sdefend/Freeware.htm

It's not been updated for some time but I'd be surprised if it doesn't work on the latest W10, it worked on 1511 when I tested it out ~ a year ago.
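
The thread discusses .js file handling on Windows and intercepting the script file types listed above. As an added example (not posted by anyone in the thread, and not how Script Defender works), this PowerShell audit reports which program each of those extensions opens with on double-click. The list of risky hosts, the helper name `Get-RegValue` and the use of the `open` verb are assumptions of this example.

```powershell
# Added example: audit the double-click handler for each script file type
# named in the thread. Read-only; changes nothing on the system.
$extensions = '.vbs', '.vbe', '.js', '.jse', '.hta', '.wsf', '.wsh', '.shs', '.shb'

# Assumption: handlers that execute the file instead of displaying it.
$riskyHosts = 'wscript.exe', 'cscript.exe', 'mshta.exe'

# Hypothetical helper: read a registry value ('' means the key's default value).
function Get-RegValue([string]$Path, [string]$Name = '') {
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

$report = foreach ($ext in $extensions) {
    # A per-user "Open with" choice overrides the system-wide association.
    $userChoice = Get-RegValue "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice" 'ProgId'
    $progId = if ($userChoice) { $userChoice } else { Get-RegValue "Registry::HKEY_CLASSES_ROOT\$ext" }

    # Assumption: the double-click action is the 'open' verb of that ProgId.
    $command = if ($progId) { Get-RegValue "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" }

    $executes = $false
    foreach ($scriptHost in $riskyHosts) {
        if ($command -and $command -like "*$scriptHost*") { $executes = $true }
    }

    [pscustomobject]@{
        Extension         = $ext
        ProgId            = $progId
        OpenCommand       = $command
        RunsOnDoubleClick = $executes
    }
}

# Blank ProgId/OpenCommand means the extension has no association on this system.
$report | Format-Table -AutoSize
```

Rows where `RunsOnDoubleClick` is `True` are the file types that will execute if a downloaded file is double-clicked; an extension re-associated with a text editor shows the editor's path in `OpenCommand` instead.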
