Malicious ads lead to fake browser updates
Posted on 28.11.2012
Every now and then, malware peddlers employ the "Your browser is out of date, download the update here" approach to saddling inexperienced users with their malicious wares.

StopMalwertising warns of another upswing of this particular tactic, which starts with malicious ads leading to pages that detect which browser the visitor is using and serve a fake notification saying that the browser needs to be updated.


The landing page was initially located on securebrowserupdate.com, but has since been removed. Still, you can bet on the fact that there are more like it out there.

"At securebrowserupdate.com there's an update for every browser. If the script can't make up which browser you're running, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download," they share.

These served pages have the look and the feel of the legitimate browsers' sites they are trying to impersonate, so it's understandable how some users might fall for the scheme. According to Trend Micro, French, US and Spanish users are among the most targeted / gullible.

"Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload," Trend Micro researchers shared.

"The malicious JavaScript, in turn, downloads TROJ_STARTPA.AET and saves it as {Browser Download Path}\install.exe. Based on our initial analysis, the Trojan modifies the user's Internet Explorer home page to http://{BLOCKED}rtpage.com, a site that may host other malicious files that can further infect a user's system."

StopMalwertising detected another JavaScript on the site, which apparently pops up requests and notifications such as:
  • Sent to your number sms with a secret code. Enter your confirmation code activation.
  • An error occurred while processing the request server.
  • Software is successfully activated.
Obviously, users are in additional danger of sending an SMS to a premium rate service in order to activate the bogus updates.

While avoiding schemes like this altogether isn't possible, it is actually very easy not to fall for them: simply make sure to download browser updates only from their official sites (type in the correct URL yourself), or set the browser to update itself automatically.
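The same advice can be enforced on the network side. The following is an added example, not part of the original article: a check over web proxy log lines that flags installer downloads coming from anywhere other than a browser vendor's own domain. The vendor allowlist, the log line format and every host and path in the sample log are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of vendor-controlled domains; adjust to the browsers you deploy.
OFFICIAL_DOMAINS = {"mozilla.org", "google.com", "microsoft.com", "opera.com", "apple.com"}
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".dmg", ".pkg")


def is_official_host(host):
    """True only if host is an allowlisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_download(url):
    """Return 'allow', 'block' or 'ignore' for one requested URL."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(EXECUTABLE_SUFFIXES):
        return "ignore"  # not an installer download
    # .hostname drops userinfo and port, so "vendor@other-host" resolves to other-host.
    if parts.scheme != "https" or not is_official_host(parts.hostname):
        return "block"
    return "allow"


def flag_suspicious(log_lines):
    """Each line is '<client> <url>'. Return the (client, url) pairs to investigate."""
    hits = []
    for line in log_lines:
        client, url = line.split(maxsplit=1)
        url = url.strip()
        if classify_download(url) == "block":
            hits.append((client, url))
    return hits


# Constructed sample proxy log lines (hosts and paths are illustrative only).
SAMPLE_LOG = [
    "10.0.0.5 https://download.mozilla.org/firefox/setup.exe",
    "10.0.0.7 http://browser-update.example/install.exe",
    "10.0.0.8 https://www.mozilla.org.browser-update.example/install.exe",
    "10.0.0.9 https://www.mozilla.org@browser-update.example/install.exe",
    "10.0.0.9 https://www.google.com/chrome/index.html",
]

if __name__ == "__main__":
    for client, url in flag_suspicious(SAMPLE_LOG):
        print(client, url)
```

The second and third flagged lines show why the comparison is made on the parsed hostname with a leading-dot suffix match: a vendor name placed at the front of a hostname or before an `@` does not make the host the vendor's.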






Copyright 1998-2014 by Help Net Security.