Bogus "browser update" pages deliver malware
Posted on 30.01.2012
Fake "browser update" pages are currently being used to deliver malware and redirect users to survey pages, warns GFI.

Their malware researchers have recently discovered a number of website hosting these pages, which contain a warning about the users' browser being out of date, a Firefox or Chrome logo to reassure the potential victims and the fake "system scan" progress bar that is often used by fake AV pushers:

The pages - located at vkernel(dot)org, aveonix(dot)org, smolvell(dot)org, stocknick(dot)org - are not able to detect what browser the users use and serve either a Firefox or Chrome themed fake update warning.

Once the progress bar finishes loading, Firefox users are asked to download a malicious file named update.exe, while Safari automatically downloads the file.

"Running this executable allows the download and installation of a program called Driver, which creates a folder named Driver before dropping two files in it: uninstall.exe and app.exe," say the researchers. "When app.exe runs, an Internet browser window/tab opens in order to direct users to various survey pages. Based on multiple tests, minutes after the said pages load, this executable connects to various websites to download and install random programs, some of which may be legitimate."

Users are warned to be careful when being presented similar pages. The aforementioned four are still online, but there might be others. In any case, it's always best to update your browser by using the updating mechanism it contains.


(IN)SECURE Magazine issue 45 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Learn about personal data bankruptcy and the cost of privacy, security and compliance, delivering digital security to a mobile world, and much more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Mar 4th