Wednesday, November 28, 2012

Cybercriminals Setup Fake Update Pages for Chrome, Firefox & IE

Firefox - Chrome - IEDo you know how to update your web browser?

One of the nice things about Google Chrome is that it automatically updates whenever a new browser version is detected.

Aside from that, you can manually check for updates by clicking the Menu icon and selecting ‘About Chrome’. If there are any updates found, it will download them automatically and install them whenever you decide to restart your browser.

Firefox is pretty much the same, as well as Opera.

Internet Explorer is a bit different as it usually involves downloading another browser, like Firefox or Chrome. – Just kidding! Internet Explorer 9 updates are provided via Windows Updates.

And yes, knowing how to update your web browser is important.

Aside from running the risk of having a browser vulnerability exploited in a cyber-attack, there’s always the chance of you downloading malware posing as a browser update.

StopMalvertising warns that cybercriminals have launched new phishing schemes using malvertisements and fake browser update webpages in hopes of tricking you into downloading malware onto your computer.

The risk of falling for a phony browser update page is present regardless if you use Firefox, Chrome or Internet Explorer. The pages are set to detect your browser of choice & customize the content just for you:

Firefox, Chrome & IE Update Pages

Screenshot Credit: StopMalvertising

In the event that the script cannot determine which browser you’re using, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download.

A VirusTotal scan of the file served in the attack, index.exe found that it is actually Trojan:Win32/Startpage.UY.

Once it infects your machine, Trojan:Win32/Startpage.UY will change your browser’s homepage. While that may seem harmless, it’s important to note that TrendMicro’s analysis of this attack found that the updated home page may “host other malicious files that can further infect [your] system.”

One of the things that set this particular batch of fake browser update pages apart from the ones we saw back in January is the fact that these new pages pose a threat to mobile users as well.

Although it does not appear that payloads targeting smartphones are served, StopMalvertising noticed JavaScript on the site that will display pop-ups and notifications asking for your mobile phone number. Providing such information to a scammer can be a costly mistake as they won't think twice about signing you up for expensive SMS services, so don't do it!

How to Avoid Falling for Fake Browser Update Phishing Schemes

So now that you know the risks, what can you do to avoid becoming a victim?

  • Always use your web browser’s built-in update mechanism or download updates from a legitimate source (like the vendor’s official website).

  • Always run antivirus software that offers real-time scanning and always scan downloaded files before opening them.

  • Remain vigilant when surfing the web and do your best to avoid suspicious links or website.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment