Fake "Critical browser update" warnings lead to malware
Posted on 10.01.2014
If you have manually updated your browser in the last week or so, think back on how you did it. Did you look for the update yourself, or did you download one after being faced with a warning saying you should pick up a "critical update"?

If it's the latter, and if you are living in the UK, chances are you fell for the latest malware delivery campaign that was started just before New Year's Eve.

You probably visited a free movie streaming or media site, and a malicious ad redirected you to another website.

"The website, which is hosted in the Ukraine, uses a dual hybrid Web server setup by Apache and Nginx, with the latter identifying the victimís browser and performing a redirect," Symantec researchers explained in a recent blog post.

On the site on which you ended up, a warning using a template corresponding to your browser type was shown, and you were offered the update for download. Had you refused, a JavaScript loop would have forced you to stay on the site by making it impossible to close your browser unless you performed a extensive series of repetitive clicks.


If you have downloaded and run the update, you should know that your computer has been likely been infected with the information-stealing Shylock Trojan, and you should use an AV solution to disinfect your machine.

It's good to start your year with a clean computer and updated software, but you should know and remember that the only right place to pick up a software update is its developer's official website.









Spotlight

Fighting malware, emerging threats and AI

Posted on 24 November 2014.  |  Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Nov 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //