Bogus “browser update” pages deliver malware

Fake “browser update” pages are currently being used to deliver malware and redirect users to survey pages, warns GFI.

Their malware researchers have recently discovered a number of website hosting these pages, which contain a warning about the users’ browser being out of date, a Firefox or Chrome logo to reassure the potential victims and the fake “system scan” progress bar that is often used by fake AV pushers:

The pages – located at vkernel(dot)org, aveonix(dot)org, smolvell(dot)org, stocknick(dot)org – are not able to detect what browser the users use and serve either a Firefox or Chrome themed fake update warning.

Once the progress bar finishes loading, Firefox users are asked to download a malicious file named update.exe, while Safari automatically downloads the file.

“Running this executable allows the download and installation of a program called Driver, which creates a folder named Driver before dropping two files in it: uninstall.exe and app.exe,” say the researchers. “When app.exe runs, an Internet browser window/tab opens in order to direct users to various survey pages. Based on multiple tests, minutes after the said pages load, this executable connects to various websites to download and install random programs, some of which may be legitimate.”

Users are warned to be careful when being presented similar pages. The aforementioned four are still online, but there might be others. In any case, it’s always best to update your browser by using the updating mechanism it contains.