Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Warning To Firefox Users – Fake Update Installs Malware | SUPER-Contest Deadline

If you use the popular Mozilla Firefox web browser (as I do) and you see this,

[Screenshot: the fake Firefox update page]

immediately hit Alt+F4 to close Firefox (or use Task Manager to kill the firefox.exe process [An Overview and Tutorial on the Windows Task Manager]). It would also be a good idea to start a full anti-malware scan.

Why? Because this is a carefully crafted criminal cyber attack which is attempting to trick you into clicking a link that will install a fake (aka “rogue”) antivirus program. This page sure looks real, but it is 100% fake. (It has been a while since I mentioned rogues here, but everybody should know about them by now, right? Right. If you don’t, click here, Your Computer Is Lying To You… The Epidemic Of Rogues)

The full story of this (current) attack is here, Fake Firefox Flash Update is Rogue. I bet this one is going to nail a lot of people… Hey. Cyber Czar. You see this *stuff*??? Think there might be a problem?

In happier news..


** SUPER Software License Giveaway Ends Tonight **


To help celebrate SUPERAntiSpyware’s recent inclusion in VirusTotal’s premier file analyzing service, the good folks there at SUPERAntiSpyware (known in the biz as “SAS”) have generously donated some Professional Edition licenses to me – “lifetime” licenses no less – to award to my readers.

SUPERAntiSpyware is a program for combating spyware and Internet threats. Today’s Grand Prize retails for $200, and features software I have endorsed from Day One.
For details (and to enter), click here.

The contest ends at midnight (Pacific) tonight, so don’t miss out – act now.


Today’s recommended website: Should you suspect that you have been cyber-attacked, and/or you want to make sure nothing has slipped past your onboard defenses (and trust me, it happens), and you have Internet access, head over to Microsoft’s Windows Live OneCare safety scanner and Get a free PC safety scan. Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC.

  • Check for and remove viruses
  • Get rid of junk on your hard disk
  • Improve your PC’s performance (it examines and repairs your Registry)

Today’s free download: Microsoft Security Essentials provides real-time protection for your home PC that helps guard against viruses, spyware, and other malicious software. Get high-quality, hassle-free antivirus protection for your home PC now. Free. Lifetime.

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.


July 29, 2010 | computers

18 Comments »

  1. TechPaul,

    Thank you for alerting us to the Firefox “Fake Update”… I am sure many will be taken by this. Definitely a problem out there and no one to knock it down!

    Rick

    Comment by Ramblinrick | July 29, 2010 | Reply

    • Rick,
      Yes, the “average computer user” is not prepared to even suspect that their computer might “lie”, and many do not grasp that there are predators with programming skills robbing the Western economies of $billions a year. (I posit that this is a bigger factor in the “global recession” than anyone is willing to admit. {New Data Breach Study Shows Over 721.9 Million Records Disclosed, Estimated Cost of $139 Billion})
      A “hacker” is a bored kid-genius, right?

      I believe that there are those with the willingness to “knock it down”, but they lack the authority. And the ‘reach’.
      The Internet is seriously broken (was built broken, basically) and needs to be fixed. Fortunately, there are some brilliant minds working on the problem…
      (But, IMHO, any “fix” will have to be “average computer user”-proof. [I have seen the enemy and he is us.])

      Comment by techpaul | July 29, 2010 | Reply

  2. “Fake” is the new social engineering weapon of choice. Users need to be extra vigilant before taking any action these days. When in doubt, alt-f4 as indicated above and go to the actual Website for further guidance.

    Comment by Mister Reiner | July 29, 2010 | Reply

    • Mister Reiner,
      Excellent advice. (In this case, it would mean re-Open-ing your web browser and going directly to Adobe’s website.) I thank you, Mister Reiner. I very much appreciate your taking the time and contributing to my efforts of spreading the word to “everyone”.

      Folks, those of you with an interest in learning more about “hackers” and InfoSec should take a look at Mister Reiner’s website.. curiously enough, it’s named Mister Reiner

      Comment by techpaul | July 29, 2010 | Reply

  3. I have received this message several times recently. I even tried to install it, but can’t remember if it installed or not. I don’t think it did or I received an error message. Last time I received this, I closed it without doing anything. Will Norton detect this infection if I got it?

    Comment by Kay Entwistle | July 29, 2010 | Reply

    • Kay Entwistle,
      I believe that Norton does have the “definition” for this particular rogue. And I believe that Norton NIS 2009/2010, and 360 are top-tier products (possibly the best, for the moment). HOWEVER, anti-malware products are not designed to protect you from yourself, and it is the User themselves who are installing this malware. Also, the first thing modern malware does (commonly) is look for your installed anti-malware — and then cripple it: usually in an undetectable way.

      It could be that the rogue’s installer package experienced an “error” due to Norton. I don’t know. I’m not looking at your machine. But I would suggest going to an online scanner ASAP (or two) and have a Full scan done. I provided a link to Microsoft’s in the article above.
      I also recommend Trend Micro’s Housecall.

      Comment by techpaul | July 29, 2010 | Reply

      • Hi Tech Paul,
        It’s funny you should say that about modern malware disabling anti-malware in an undetectable way. I have Spyware Doctor on my pc and didn’t realize until last night it was completely disabled. I now have it running again and did a full scan with that and came up clean. I also went to your article “Your Computer is Lying to You” and from there went to Bill Mullins’ “How Fake/Rogue Software Affects Real People” and downloaded Malwarebytes’ Anti-malware. I also ran a full scan with that and came up clean. I will also, per your suggestion, take a look at Housecall. Thanks again for your help and your blog. I appreciate the warning on this nasty rogue. -Kay

        Comment by Kay Entwistle | July 30, 2010 | Reply

        • Kay Entwistle,
          Thank you for letting me know that you have found my information useful.

          If Housecall, (a refreshed) Spyware Doctor, and MalwareBytes showed clean, I would say that the odds are quite good that the malware was blocked (presumably by Norton) from correctly installing.

          You know… I often wonder at people’s reluctance to pay (a modest sum) for protection of their (expensive) computers. To me, it’s like changing the oil on the car…

          Comment by techpaul | July 30, 2010 | Reply

          • I ran Housecall and all seems well. Will now run my Norton. With all the surfing I do, I need lots of protection. Your Blog plays a big part in my defense. Thank you !! :-)

            Comment by Kay Entwistle | July 30, 2010 | Reply

            • Kay..
              Blushing here…

              Thank you.

              Comment by techpaul | July 30, 2010 | Reply

  4. Thanks for the alert! I haven’t seen this yet, but I will be on the lookout. Question: the valid version of this page appears when Firefox is (re)started. If that’s also the case with this fake, doesn’t that mean that something malicious had previously been downloaded that, in turn, caused the fake page to come up when Firefox starts?

    Comment by IzaakMak | July 30, 2010 | Reply

    • IzaakMak,
      I, too, have not personally seen this.. but, yes, typically and “generally”, a pop-up such as this is the result of a prior action/attack. I am with Bryce at Technibble, who wrote:
      It isn’t clear from the article what causes the page to pop up in the first place, my guess is something encountered in the previous browsing session changes the homepage. The fake page can presumably be seen in any browser and it displays a recent update version of Firefox but not the most recent one. The download will try to start automatically; if it is saved and run, the rogue anti-virus “Security Tool” will infect the computer. F-Secure is already blocking the website that the attack originates from and the latest database update can detect the rogue AV; otherwise the best way to avoid it would be to ignore pages like this and get updates from the source, in this case Adobe’s website.

      To see pictures of the attack (and get more details) visit the F-Secure website.

      Comment by techpaul | July 30, 2010 | Reply

      • Thanks my friend. Good advice all around!

        Comment by IzaakMak | July 30, 2010 | Reply

        • IzaakMak,
          The folks at F-Secure get a tip of my geek hat on this one fersher.

          Comment by techpaul | July 30, 2010 | Reply

  5. I got this and being the careful guy I am anyway, went to the adobe site to download and I was already up to date. I didn’t give it two thoughts that it was FAKE! I would bet there will be thousands who get duped by this. It looks legit and fooled me.

    Comment by g | July 30, 2010 | Reply

    • g,
      Thank you for your “testimonial”. There’s a few lessons there for those who read it.

      Comment by techpaul | July 30, 2010 | Reply

  6. Another good reason why we should consider using sandboxed browsers. These drive-by downloads can often be prevented by using virtualization software like Sandboxie..

    Let’s go Virtual.

    Comment by Ranjan | July 31, 2010 | Reply

    • Ranjan,
      Your expressed opinion is right in line with many in the security field. (Personally, I would rather address the disease.) There are several “consumer grade” virtualization tools available to us already.

      The one I use and recommend is Sandboxie. Which I wrote about not too long ago… click here

      Comment by techpaul | July 31, 2010 | Reply

