Fake Browser Update Websites Serve Malicious Trojans

According to GFI Software, phony websites offering "browser upgrades" are currently being used to serve malicious software and divert end-users to survey sites, Help Net Security reported on January 30, 2012.

Recently, the company's researchers spotted one website that specifically dupes Firefox users into willingly downloading a so-called upgrade of their Web browser. According to them, the notification carries the logo of Mozilla's Firefox browser, while the website itself, which pretends to scan the end-user's computer, displays web pages similar to those of fake anti-virus sites.

However, these web pages, belonging to aveonix(dot)org, vkernel(dot)org, stocknick(dot)org or smolvell(dot)org, cannot determine which browser a site visitor uses, and present a bogus update alert related to Chrome/Firefox.

Moreover, these web pages encourage the user to download an executable file that GFI Software identified as Trojan.Win32.Generic!BT. Once this Trojan is installed, new tabs or windows pop up in the browser and take the user to various survey sites.

Meanwhile, an end-user who runs the executable file allows the download and installation of software named Driver, which opens a 'Driver' folder containing two files: app.exe and uninstall.exe. The app.exe file, which the GFI investigators identified as Trojan-Spy.MSIL.Popclik.A, is actually malicious.

If run, the executable leads users to different survey sites through a newly created tab or window in the Web browser. As soon as these sites load, app.exe connects to different websites to download and deploy random software, including legitimate software, GFI notes.

Indeed, during 2010, Symantec detected a fake browser update campaign of the same type, in which Chrome and Firefox update alerts were forced on users through a dialog window. If downloaded, the .exe file appeared to be a Security Tool, which was really rogue AV software showing exaggerated pop-ups.

Praveen Vashishtha, a researcher at Symantec, wrote that when savvier Web surfers did not download the misleading .exe file, the websites took them through several redirects to a malicious site that hosted the notorious Phoenix attack toolkit. Whichbrowser.org published this on January 29, 2012.

Users are advised to remain cautious with these kinds of web pages and sites, and are urged to update their Web browsers through the update mechanism available by default.

» SPAMfighter News - 06-02-2012

 
