Malicious ads lead to fake browser updates
Posted on 28.11.2012
Every now and then, malware peddlers employ the "Your browser is out of date, download the update here" approach to saddling inexperienced users with their malicious wares.

StopMalwertising warns of another upswing in this particular tactic, which starts with malicious ads that lead to pages able to detect which browser the visitor is using and serve a fake notification saying the browser needs to be updated.


The landing page was initially located on securebrowserupdate.com, but has since been removed. Still, you can bet on the fact that there are more like it out there.

"At securebrowserupdate.com there's an update for every browser. If the script can't make up which browser you're running, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download," they share.

These served pages have the look and the feel of the legitimate browsers' sites they are trying to impersonate, so it's understandable how some users might fall for the scheme. According to Trend Micro, French, US and Spanish users are among the most targeted / gullible.

"Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload," Trend Micro researchers shared.

"The malicious JavaScript, in turn, downloads TROJ_STARTPA.AET and saves it as {Browser Download Path}\install.exe. Based on our initial analysis, the Trojan modifies the user's Internet Explorer home page to http://{BLOCKED}rtpage.com, a site that may host other malicious files that can further infect a user's system."

StopMalwertising detected another JavaScript on the site, which apparently pops up requests and notifications such as:
  • Sent to your number sms with a secret code. Enter your confirmation code activation.
  • An error occurred while processing the request server.
  • Software is successfully activated.
Obviously, users are in additional danger of sending an SMS to a premium rate service in order to activate the bogus updates.

While avoiding schemes like this altogether isn't possible, it is actually very easy not to fall for them: simply make sure to download browser updates only from their official sites (type in the correct URL yourself), or set the browser to update itself automatically.
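
The "official sites only" advice can also be checked from the network side. The following is an added example, not code from the original article, StopMalwertising or Trend Micro: it scans web proxy log lines and flags executable downloads that use browser-update wording but come from a host outside an allowlist of vendor domains. The log format, the allowlist, the keyword list and the sample lines are all constructed assumptions to be tuned for a real environment.

```python
from urllib.parse import urlsplit

# Assumption: domains from which browser vendors serve their installers.
OFFICIAL_DOMAINS = {"mozilla.org", "google.com", "microsoft.com", "opera.com", "apple.com"}
# Assumption: wording typical of a fake "update your browser" lure.
LURE_WORDS = ("browser", "update", "firefox", "chrome", "explorer", "opera", "safari")

# Constructed sample proxy log: time, client IP, URL, referer, content type.
SAMPLE_LOG = """\
2012-11-27T10:01:12Z 10.0.0.21 http://securebrowserupdate.com/install.exe http://securebrowserupdate.com/ application/x-msdownload
2012-11-27T10:03:40Z 10.0.0.34 https://download.mozilla.org/firefox-setup.exe https://www.mozilla.org/firefox/ application/x-msdownload
2012-11-27T10:05:02Z 10.0.0.21 http://cdn.example.net/tool/setup.exe http://forum.example.net/thread application/octet-stream
2012-11-27T10:07:55Z 10.0.0.50 http://mozilla.org.example.net/chrome-update.exe - application/octet-stream
2012-11-27T10:09:11Z 10.0.0.50 http://securebrowserupdate.com/index.html - text/html
"""

def is_official(host):
    """True only for an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def is_executable(path, ctype):
    """Judge by file extension or by the Windows executable MIME type."""
    return path.lower().endswith((".exe", ".msi")) or ctype == "application/x-msdownload"

def suspicious_downloads(log_text):
    """Return (time, client, host) for each lure-themed executable download
    served by a host that is not an official vendor domain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        ts, client, url, referer, ctype = fields
        target = urlsplit(url)
        host = target.hostname or ""
        if not is_executable(target.path, ctype) or is_official(host):
            continue
        lure_text = (url + " " + referer).lower()
        if any(word in lure_text for word in LURE_WORDS):
            hits.append((ts, client, host))
    return hits

if __name__ == "__main__":
    for ts, client, host in suspicious_downloads(SAMPLE_LOG):
        print(f"{ts} {client} downloaded a browser-update themed executable from {host}")
```

The suffix match in `is_official` is what keeps a look-alike host such as `mozilla.org.example.net` from passing as a vendor domain.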

COPYRIGHT 1998-2014 BY HELP NET SECURITY.