Hackers subvert Firefox security warnings to sling scareware
Double bluff updates stuff scammers pockets
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Hackers have subverted warnings generated by Firefox about dangerous sites to punt fake anti-virus portals.
Surfers straying onto a web page offering the "Security Tool" rogue anti-virus are offered a warning page that convincingly mimics the genuine Firefox block page. The site offers supposed updates for Mozilla's technology that are actually scareware packages.
If Windows users apply these updates they will be falsely warned that their system is infected and continuously nagged into buying worthless scareware packages that serve only to line the pockets of cyber-scammers.
The rogue application will automatically attempt to install itself on the machines of prospective marks in cases where scripts are enabled, net security firm F-Secure warns.
Firefox's genuine attack warning technology is all server-side and never requests that users download updates. The attack relies, in part, on the ignorance of the majority of potential victims on this point.
The attack is a rare but not unprecedented attempt by malware slingers to use Firefox features to push their wares. Previous attacks by the same gang have involved tricking users into downloading scareware in the guise of a supposed Firefox/Flash update.
The malware is offered from a page designed to trick Firefox users into thinking their browser software has just been updated but that they still need to apply a Flash Player patch, which is actually a rogue anti-virus installation utility. The sneaky tactic, first spotted back in July, is explained in more detail in a blog post by F-Secure here. ®
COMMENTS
Fake Flash update pwnage.
First seen back in July? That wouldn't have been some time after Mozilla caused FF to produce a genuine screen saying that users should update their Flash plugin would it? Hmm, September 2009 apparently, so yes it would.
http://www.channelregister.co.uk/2009/09/17/firefox_users_with_vulnerable_flash/
At the time Mozilla were bemoaning the fact that only 35% of those prompted to clicked the "download upgrade" link. Presumably they're the same ones who've been pwned since July.
That's nasty.
And it explains why several users here have recently managed to get rogue AV scanners installed.
How to combat this? Dunno. Tineye type reverse image search on the generated page looking for a score above a threshold match to genuine Firefox alert screens? Would that be too slow?
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
