Bogus "browser update" pages deliver malware
Posted on 30.01.2012
Fake "browser update" pages are currently being used to deliver malware and redirect users to survey pages, warns GFI.

Their malware researchers have recently discovered a number of website hosting these pages, which contain a warning about the users' browser being out of date, a Firefox or Chrome logo to reassure the potential victims and the fake "system scan" progress bar that is often used by fake AV pushers:

The pages - located at vkernel(dot)org, aveonix(dot)org, smolvell(dot)org, stocknick(dot)org - are not able to detect what browser the users use and serve either a Firefox or Chrome themed fake update warning.

Once the progress bar finishes loading, Firefox users are asked to download a malicious file named update.exe, while Safari automatically downloads the file.

"Running this executable allows the download and installation of a program called Driver, which creates a folder named Driver before dropping two files in it: uninstall.exe and app.exe," say the researchers. "When app.exe runs, an Internet browser window/tab opens in order to direct users to various survey pages. Based on multiple tests, minutes after the said pages load, this executable connects to various websites to download and install random programs, some of which may be legitimate."

Users are warned to be careful when being presented similar pages. The aforementioned four are still online, but there might be others. In any case, it's always best to update your browser by using the updating mechanism it contains.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th