Feeds

Fake Firefox site bundles undead adware

Zango crapware rises from the grave

High performance access to file storage

Adware slingers have taken advantage of the buzz around the latest version of Firefox to establish a fake browser download site.

The counterfeit Firefox download site is disguised as a kosher browser download site and might easily fool the unwary. A closer look, however, reveals the version of Firefox on offer is version 3.5 (instead of the latest 3.6 version supplied by Mozilla). In addition, terms such as "Anti-Pishing" (sic) are misspelled on the glossy counterfeit download site.

Web users taken in by the scam will wind up downloading browser software contaminated with the Hotbar toolbar from Pinball Corp, formerly Zango. The software bombards marks with irksome pop-up ads while also further slowing performance by loading the Hotbar weather application in the system tray.

Security firm eSoft, which documents the risk here, reckons that the ruse is more likely the brainchild of a rogue Pinball agent rather than the firm itself. Pinball rewards its pay-per-install affiliate with up to $1.45 per install, eSoft adds.

Users looking to get the latest version of Firefox are advised to go to Mozilla's getfirefox.com site. eSoft has blocked access to the fake site for users of its technology. Other vendors can be expected to follow suit.

Zango was repeatedly obliged to defend itself against accusations that its ad-serving software was distributed without the informed consent of users. Security firms routinely categorised Zango's software as adware, sparking unsuccessful lawsuits against Kaspersky Lab and PC Tools in 2007. Its PR staff tenaciously held the line that any problems were down to rogue affiliates, which it was in the process of culling even before it paid the FTC to settle a privacy lawsuit back in 2006.

However its chief tormentors - Ben Edelman, an assistant professor at the Harvard Business School, and Chris Boyd, former security researcher at Facetime Security - continued to document evidence of malpractice by Zango years after the FTC settlement. Zango went titsup last April, but its Hotbar technology lingers on the interwebs, as evidenced by the fake Firefox download ruse. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.