Tuesday, January 31, 2012

Cybercrooks Spreading Malware via Fake “Browser Update” Pages

Would you believe a random website that stated your browser was out of date and prompted you to download the update from them?

It appears that cybercriminals are placing their bets that some of you would.

Researchers over at GFI Labs recently came across a series of bogus browser update pages that warn users upon visit that their browser is out-of-date and pretend to run a “system scan” before asking the user to download a malicious file named “update.exe.”

Fake browser pages for Internet Explorer, Firefox, and Chrome“Running this executable allows the download and installation of a program called Driver, which creates a folder named Driver before dropping two files in it: uninstall.exe and app.exe.” researchers at GFI Labs wrote.

During the analysis, researchers found that app.exe opens browser windows/tabs with random surveys, connects to a remote server in order to download random programs (some malware, some not) and starts when Windows does.

The fake browser updates are currently shown on the following websites:

  • aveonix[dot]org

  • vkernel[dot]org

  • smolvell[dot]org

  • stocknick[dot]org

  • webiqu[dot]org

  • dextler[dot]org

Other domains that are not listed may be included in the scam.

An easy way to spot the sites involved is by the shared content:
 “Attention! Your browser is out of date. We recommend to update it. The new browser version will protect your computer from different internet-dangers and make it safer.”

Users are warned not to download browser updates from unknown or untrusted sources and to use the browser’s built-in update feature in order to verify that they’re running the current version of their browser or download updates as needed.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment