Fake firefox update

[Concerned User]

The saddest part of this experience is the fact that I was browsing "safe" pages like project gutenberg in one tab and a movie site (behindwoods.com) for Indian films in another tab. All of a sudden I get this tab as shown in the screenshot (It detected the wrong firefox version, I'm browsing with 18.0.2 right now). It is easy to see how most people can get fooled by this...Thankfully, no damage done

Out of curiosity, I pressed the "start update process" and it downloaded a file titled "firefox_update.exe" (obviously a fake malware file). When I clicked on it, it prompted for UAC credentials. For obvious reasons, I decided to play safe and ignored it. When I tried accessing the URL, nothing..looks like the site owners were notified of this and they removed it.

Before deleting the file, I gave it a quick scan with emsisoft portable, nothing found..A quick scan with virustotal and only four scanners actually detected that it was "some kind of trojan/whatever".

Guess malware makers are getting smarter by the second.....

[Joe A.TT]

"Thankfully" (as you say) you were savvy enough to recognize it wasn't genuine, but IMHO more people would be fooled that those that won't.

Malware writers are bad guys but they can be quite ingenious. It's a sorry story with those who can't discern what's malware because they just unknowingly add to the spreading of it.

[termix]

seems like the exploit for browser's vulnerabilities
use surfpatrol for blocking such things

[Anupam]

Quote:

Originally Posted by termix

seems like the exploit for browser's vulnerabilities
use surfpatrol for blocking such things

Don't think this was because on an exploit. As Concerned User says, he is using the latest version of Firefox. Also, I think, being an experienced user, he keeps the plugins updated.

Surfpatrol although looks helpful, but it cannot block any such attacks, nor prevent it. Surfpatrol merely checks if the browser, or the plugins are updated or not. Other than that, I don't think it's a blocking tool of any kind.

[Taurus]

Concerned User, I'm just curious. Was Firefox Sandboxed?

[termix]

Anupam,
SurfPatrol checks whether browser or plugins are vulnerable or not. (in according of its vulnerability database)
for instanse, there are old versions of FF without known vulners which are safe to use. surfpatrol won't say anytnig wrong about them.
also it can detect 0-day vulners (without patches to apply)

[Anupam]

Quote:

Originally Posted by termix

Anupam,
SurfPatrol checks whether browser or plugins are vulnerable or not. (in according of its vulnerability database)
for instanse, there are old versions of FF without known vulners which are safe to use. surfpatrol won't say anytnig wrong about them.
also it can detect 0-day vulners (without patches to apply)

Agreed to above, and I got that by reading the Surfpatrol site, but my point was that first, this was not an instance of vulnerability exploit, as it seems to me. Secondly, you said Surfpatrol can block such things, which is not true, it's merely a tool to check for vulnerabilities. It can alert a user about the vulnerabilities to patch up, and even then the user has to visit the Surfpatrol site to know about them, and it's on the user to patch the vulnerabilities. SurfPatrol is not a real time tool, so it cannot block the vulnerabilities.

[termix]

there are extensions for Chrome and Opera browsers - if it founds vulnerability, it immediately signals
well, I'd say it suggests preventive defence

[Anupam]

Quote:

Originally Posted by termix

there are extensions for Chrome and Opera browsers

Didn't see any extensions on SurfPatrol site.

[termix]

Chrome and Opera