Bogus Flash Updates Customized for Chrome and Firefox Being Distributed, Warns GFI
According to research firm GFI, attacks are ongoing in which phony Adobe Flash software is customized for Google's Chrome and Mozilla's Firefox, PCMag.com reported on July 11, 2011.
The security researchers state that the attack is a foremost browser-aware operation for spreading the badware and that it appears to target only users of Firefox and Chrome.
The Trojan, part of the 2GCash group since it emerged in July 2008, began by using FakeCodec websites, Bogus Crack Serial websites and Internet Scanner Scam websites. It chiefly performed click fraud and hijacked search engine results. It is disseminated from a certain Web domain set up via a freely available DNS provider.
The attack has an interesting aspect. When it is directed at users of IE, they are diverted to an authentic website, usa.gov, whereas users of other browsers become infected with malware.
For Firefox users, a false "what's new" web page appears, asserting that Flash Player has expired. The page imitates the one that usually appears after Firefox is upgraded to a new version and that genuinely checks whether loaded plug-ins are up to date.
Nevertheless, even though the alert says that Flash Player is outdated, the file offered for download is named ff-update.exe. The two files load the identical Trojan variant of 2GCash.
While the alert near the top margin comes genuinely from Firefox, the "Reported Attack Site" near the bottom is something F-Secure captured within the scareware campaign, which lets online crooks make money from their malware. It is also possible that the malware serves as an installer, especially for scareware and PDF exploits.
Notably, scareware attacking Firefox and Chrome users isn't new. Such attacks also occurred in October 2010, when Firefox users were offered an "OK" button for downloading security updates supposedly from Mozilla. If scripts were enabled, users did not need to hit the "Save" or "Download" button, because a drive-by download did the job. Further, hitting "Cancel" produced a pop-up directing users to download and save Firefox security updates.
» SPAMfighter News - 19-07-2011