Gizmos Freeware Reviews  

10. Feb 2013, 02:21 PM   #1
Senior Member
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 486
Fake Firefox update

The saddest part of this experience is the fact that I was browsing "safe" pages like Project Gutenberg in one tab and a movie site (behindwoods.com) for Indian films in another tab. All of a sudden I get this tab as shown in the screenshot (it detected the wrong Firefox version; I'm browsing with 18.0.2 right now). It is easy to see how most people can get fooled by this... Thankfully, no damage done.

Out of curiosity, I pressed the "start update process" and it downloaded a file titled "firefox_update.exe" (obviously a fake malware file). When I clicked on it, it prompted for UAC credentials. For obvious reasons, I decided to play safe and ignored it. When I tried accessing the URL, nothing... Looks like the site owners were notified of this and they removed it.

Before deleting the file, I gave it a quick scan with Emsisoft portable, nothing found. A quick scan with VirusTotal and only four scanners actually detected that it was "some kind of trojan/whatever".

Guess malware makers are getting smarter by the second.....




Concerned User

10. Feb 2013, 02:40 PM   #2
Senior Member
Join Date: Oct 2012
Posts: 1,028

"Thankfully" (as you say) you were savvy enough to recognize it wasn't genuine, but IMHO more people would be fooled than those that won't.

Malware writers are bad guys but they can be quite ingenious. It's a sorry story with those who can't discern what's malware because they just unknowingly add to the spreading of it.
Joe A.TT

11. Feb 2013, 02:47 PM   #3
Member
Join Date: Nov 2012
Posts: 8

seems like an exploit for the browser's vulnerabilities
use SurfPatrol for blocking such things
termix

11. Feb 2013, 02:59 PM   #4
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,336

Quote:
Originally Posted by termix
seems like an exploit for the browser's vulnerabilities
use SurfPatrol for blocking such things

Don't think this was because of an exploit. As Concerned User says, he is using the latest version of Firefox. Also, I think, being an experienced user, he keeps the plugins updated.

Although Surfpatrol looks helpful, it cannot block any such attacks, nor prevent them. Surfpatrol merely checks if the browser or the plugins are updated or not. Other than that, I don't think it's a blocking tool of any kind.
__________________
Anupam
Anupam

11. Feb 2013, 03:01 PM   #5
Senior Member
Join Date: Jul 2009
Location: Northeast US
Posts: 476

Concerned User, I'm just curious. Was Firefox Sandboxed?
__________________
T
Taurus

11. Feb 2013, 03:07 PM   #6
Member
Join Date: Nov 2012
Posts: 8

Anupam,
SurfPatrol checks whether browser or plugins are vulnerable or not (according to its vulnerability database).
for instance, there are old versions of FF without known vulners which are safe to use. SurfPatrol won't say anything wrong about them.
also it can detect 0-day vulners (without patches to apply)
termix

11. Feb 2013, 03:22 PM   #7
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,336

Quote:
Originally Posted by termix
Anupam,
SurfPatrol checks whether browser or plugins are vulnerable or not (according to its vulnerability database).
for instance, there are old versions of FF without known vulners which are safe to use. SurfPatrol won't say anything wrong about them.
also it can detect 0-day vulners (without patches to apply)

Agreed to above, and I got that by reading the Surfpatrol site, but my point was that first, this was not an instance of vulnerability exploit, as it seems to me. Secondly, you said Surfpatrol can block such things, which is not true, it's merely a tool to check for vulnerabilities. It can alert a user about the vulnerabilities to patch up, and even then the user has to visit the Surfpatrol site to know about them, and it's on the user to patch the vulnerabilities. SurfPatrol is not a real time tool, so it cannot block the vulnerabilities.
__________________
Anupam
Anupam

11. Feb 2013, 03:29 PM   #8
Member
Join Date: Nov 2012
Posts: 8

there are extensions for Chrome and Opera browsers - if it finds a vulnerability, it immediately signals
well, I'd say it suggests preventive defence
termix

11. Feb 2013, 03:42 PM   #9
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,336

Quote:
Originally Posted by termix
there are extensions for Chrome and Opera browsers

Didn't see any extensions on SurfPatrol site.
__________________
Anupam
Anupam

11. Feb 2013, 03:45 PM   #10
Member
Join Date: Nov 2012
Posts: 8

Chrome and Opera

Last edited by Anupam; 11. Feb 2013 at 03:51 PM. Reason: Replaced link with non-English site for Opera plugin to English one
termix

All times are GMT +1.

