Bogus "browser update" pages deliver malware
Posted on 30.01.2012
Fake "browser update" pages are currently being used to deliver malware and redirect users to survey pages, warns GFI.

Their malware researchers have recently discovered a number of website hosting these pages, which contain a warning about the users' browser being out of date, a Firefox or Chrome logo to reassure the potential victims and the fake "system scan" progress bar that is often used by fake AV pushers:

The pages - located at vkernel(dot)org, aveonix(dot)org, smolvell(dot)org, stocknick(dot)org - are not able to detect what browser the users use and serve either a Firefox or Chrome themed fake update warning.

Once the progress bar finishes loading, Firefox users are asked to download a malicious file named update.exe, while Safari automatically downloads the file.

"Running this executable allows the download and installation of a program called Driver, which creates a folder named Driver before dropping two files in it: uninstall.exe and app.exe," say the researchers. "When app.exe runs, an Internet browser window/tab opens in order to direct users to various survey pages. Based on multiple tests, minutes after the said pages load, this executable connects to various websites to download and install random programs, some of which may be legitimate."

Users are warned to be careful when being presented similar pages. The aforementioned four are still online, but there might be others. In any case, it's always best to update your browser by using the updating mechanism it contains.


Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Oct 24th