Fake Firefox update includes Trojan

09 August 2011

Scammers are attempting to trick Firefox users into downloading backdoored software via spam emails that supposedly advertise an "update" to the open-source browser.

A run of spam emails circulating over the weekend all include links to a download that bundles together a Mozilla Firefox 5.0.1 installer and a password-stealing Trojan horse. As a social engineering ruse it is about as subtle as a brick in the head, but there just may be enough credulous users out there to make the scam work. In reality, Firefox automatically updates itself, a point scammers obviously hope prospective marks do not know.

Scams of this type first punted Microsoft security updates but, over time, they have diversified to embrace a wider range of targets.

Net security firm Sophos detects the malware punted via the fake Firefox attack as Troj-PWS-BSF. It also detects the browser/malware bundle. Other vendors can be expected to follow suit.

A write-up of the scam, complete with extracts of the offending email, can be found in a blog post by Sophos here.

Source: The Register

TrackBack URI for this entry

Comments (0)

Subscribe to this comment's feed

Show/Hide comments

Show/Hide comment form

Name

Email

Title

Comment

smaller | bigger

Subscribe via email (Registered users only)

I have read and agree to the Terms of Usage.

Write the displayed characters

Add Comment