<<<
NEWS FROM THE LAB - Wednesday, July 28, 2010
>>>
 

 
Rogue AV Masquerades as a Firefox/Flash Update Posted by Response @ 08:48 GMT

It seems that rogue peddlers have gotten tired of their old tricks in pushing rogueware into the user's system. It used to be a fake scanning page, that leads to a warning, then a fake AV.

Now, it comes as the Firefox "Just Updated" page. You know that page that instantaneously appears right after you update your Firefox browser? And you open Firefox for the first time? Just like that. But with a catch of course. There is a message telling the user than even if their Firefox got updated, their Adobe Flash Player isn't. So they still have to update. Pretty helpful…

Firefox Update

And the user doesn't need to click anything, the download dialog box immediately appears as soon as the page loads…

Binary

When the user runs the file… Bad old rogue AV…

Security Tool

Somehow the rogue guys couldn't decide if it's going to be Firefox or Flash Player… so it became a little bit of both.

Note: The malicious site is already blocked and the rogue is detected in our latest database updates.

Response post by — Mina & Christine