JonD
Max Output Level: -39 dBFS
- Total Posts : 3617
- Joined: 2003/12/09 11:09:10
- Location: East of Santa Monica
- Status: offline
Fake Update Notice in Firefox
If you're suddenly redirected in Firefox to an orange screen that says Critical or Urgent Update, don't click on it! IT'S FAKE! (Malware). https://support.mozilla.org/t5/Problems-with-add-ons-plugins-or/I-found-a-fake-Firefox-update/ta-p/37696 ** Don't follow the instruction in the article to click "Cancel". The page is coded by the malware writers so clicking anywhere on it is dangerous. I'm frankly shocked that Mozilla would advise this. Better to close the tab in Firefox, then open another tab and clear your cache/history.
SonarPlat/CWbBL, Win 10 Pro, i7 2600K, Asus P8Z68 Deluxe, 16GB DDR3, Radeon HD5450, TC Electronic Impact Twin, Kawai MP11 Piano, Event ALP Monitors, Beyerdynamic DT770 Pro, Too Many Plugins, My lucky hat.
|
azslow3
Max Output Level: -42.5 dBFS
- Total Posts : 3297
- Joined: 2012/06/22 19:27:51
- Location: Germany
- Status: offline
Re: Fake Update Notice in Firefox
2017/03/14 12:41:57
(permalink)
JonD ** Don't follow the instruction in the article to click "Cancel". The page is coded by the malware writers so clicking anywhere on it is dangerous. I'm frankly shocked that Mozilla would advise this.
I think in this particular case the dialog is "real", I mean it could appear after clicking on "Update now". In such case "Cancel" or "X" are the same. But in general, since malware sometimes "imitate" system dialogs in normal web pop-up, the advise is good. In practice, till the version of the browser is old and has huge security halls or settings are bad, at some point real system dialog appears to ask you what to do with downloaded file. Since we have got such problem at work (throw e-mail) and that was an encrypter, I have analyzed how it works. That was really JS file, random modified (and so not detected by antiviruses), which using a standard for Windows JS API was starting standard for Windows PowerShell, disabling all future security checks (standard for Windows way, no hacks...), downloading REAL virus from the internet and executing it... I repeat, no hacks, no exploits, everything legit. Is that not funny?
Sonar 8LE -> Platinum infinity, REAPER, Windows 10 pro GA-EP35-DS3L, E7500, 4GB, GTX 1050 Ti, 2x500GB RME Babyface Pro (M-Audio Audiophile Firewire/410, VS-20), Kawai CN43, TD-11, Roland A500S, Akai MPK Mini, Keystation Pro, etc. www.azslow.com - Control Surface Integration Platform for SONAR, ReaCWP, AOSC and other accessibility tools
|
JonD
Max Output Level: -39 dBFS
- Total Posts : 3617
- Joined: 2003/12/09 11:09:10
- Location: East of Santa Monica
- Status: offline
Re: Fake Update Notice in Firefox
2017/03/14 14:47:38
(permalink)
azslow3
JonD ** Don't follow the instruction in the article to click "Cancel". The page is coded by the malware writers so clicking anywhere on it is dangerous. I'm frankly shocked that Mozilla would advise this.
I think in this particular case the dialog is "real", I mean it could appear after clicking on "Update now". In such case "Cancel" or "X" are the same. But in general, since malware sometimes "imitate" system dialogs in normal web pop-up, the advise is good.
I know what you're saying, but you should probably clarify to the forum whose "advice is good" -- mine or mozilla's.
SonarPlat/CWbBL, Win 10 Pro, i7 2600K, Asus P8Z68 Deluxe, 16GB DDR3, Radeon HD5450, TC Electronic Impact Twin, Kawai MP11 Piano, Event ALP Monitors, Beyerdynamic DT770 Pro, Too Many Plugins, My lucky hat.
|
pwalpwal
Max Output Level: -43 dBFS
- Total Posts : 3249
- Joined: 2015/01/17 03:52:50
- Status: offline
Re: Fake Update Notice in Firefox
2017/03/14 15:04:55
(permalink)
for firefox, use the noscript (blocks javascript until you whitelist the site, javascript being the biggest security issue on the web) and adblock (blocks ads until you whitelist them, preventing delivery of malware via ads as well as just blocking that invasive ****) add-ins, then just go right ahead and surf with confidence, maybe noticing along the way how much externally-linked stuff commercial sites have hidden away there...
|
azslow3
Max Output Level: -42.5 dBFS
- Total Posts : 3297
- Joined: 2012/06/22 19:27:51
- Location: Germany
- Status: offline
Re: Fake Update Notice in Firefox
2017/03/14 15:19:12
(permalink)
JonD
azslow3
JonD ** Don't follow the instruction in the article to click "Cancel". The page is coded by the malware writers so clicking anywhere on it is dangerous. I'm frankly shocked that Mozilla would advise this.
I think in this particular case the dialog is "real", I mean it could appear after clicking on "Update now". In such case "Cancel" or "X" are the same. But in general, since malware sometimes "imitate" system dialogs in normal web pop-up, the advise is good.
I know what you're saying, but you should probably clarify to the forum whose "advice is good" -- mine or mozilla's.
Your advice is definitively better
Sonar 8LE -> Platinum infinity, REAPER, Windows 10 pro GA-EP35-DS3L, E7500, 4GB, GTX 1050 Ti, 2x500GB RME Babyface Pro (M-Audio Audiophile Firewire/410, VS-20), Kawai CN43, TD-11, Roland A500S, Akai MPK Mini, Keystation Pro, etc. www.azslow.com - Control Surface Integration Platform for SONAR, ReaCWP, AOSC and other accessibility tools
|
BassDaddy
Max Output Level: -33 dBFS
- Total Posts : 4232
- Joined: 2012/12/31 13:55:58
- Location: I'm an American. From America!
- Status: offline
Re: Fake Update Notice in Firefox
2017/03/14 15:24:39
(permalink)
Don't use Firefox but I am still grateful for posts like these. Thanks for letting us know about this.
It's Bass, not Bass. i7 2700K, 16GB DDR3, 2 SSD sample drives and OS drive, HDD SATAIII for projects, 2 24" monitors Focusrite Saffire Pro 24, Focusrite VRM Box, LAVA Lamp, SONAR Platinum 64 bit, Mackie MCU and 1 MCU XT, Akai Advance 49, Windows 10, Komplete 9 Ultimate, Cakewalk, Toontrack, IK, AAS, XLN, UVI, Air Music Tech, Waves Factory, Sample Tek and Sonivox VSTi's. Overloud, T-Racks, Audio Damage, D16, Nomad Factory, Waves Gold FX
|
abacab
Max Output Level: -30.5 dBFS
- Total Posts : 4464
- Joined: 2014/12/31 19:34:07
- Status: offline
Re: Fake Update Notice in Firefox
2017/03/21 19:56:09
(permalink)
I got this notice a couple of months ago, and it looks real! I had left the room for a few minutes while my Firefox browser was running with the active tab on my favorite commercial weather site showing current conditions. This page refreshes to push new data every few minutes. When I walked back into the room I noticed that it had navigated to a new page. All by itself. Highly unusual behavior, so it was immediately suspect. After looking it over, I hit the power off switch on my power supply. Done! This weather website is on my whitelist of trusted websites to run scripts. To support the website as a regular user, I had recently started allowing the site to display ads by whitelisting the site in my adblocker. Seems that was a mistake... no more ads! So then I researched this particular fake update and ran across the same info as the OP has linked above. Since this is a "malvertising" exploit, I can only assume that the website's 3rd party ad broker unknowingly cycled a "bad" display ad into my active web page on a refresh, which redirected the browser to the exploit page. Hmm...
DAW: CbB; Sonar Platinum, and others ...
|
pwalpwal
Max Output Level: -43 dBFS
- Total Posts : 3249
- Joined: 2015/01/17 03:52:50
- Status: offline
Re: Fake Update Notice in Firefox
2017/03/21 20:13:36
(permalink)
|
abacab
Max Output Level: -30.5 dBFS
- Total Posts : 4464
- Joined: 2014/12/31 19:34:07
- Status: offline
Re: Fake Update Notice in Firefox
2017/03/21 20:28:44
(permalink)
pwalpwal
abacab This weather website is on my whitelist of trusted websites to run scripts. To support the website as a regular user, I had recently started allowing the site to display ads by whitelisting the site in my adblocker. Seems that was a mistake... no more ads!
this does happen quite a bit, eg, http://www.networkworld.com/article/3021113/security/forbes-malware-ad-blocker-advertisements.html be safe out there!
Right! I have no problem with a site trying to stay in business and avoid a subscription paywall, by feeding me unobtrusive advertising. But I do draw the line at being fed malware infected ads. Seems that the advertising and publishing industries are killing their goose that laid a golden egg, if they don't step up and fix the problem. Maybe start with a more effective screening process for their ads. Cases like Forbes shows that the industry is still tone deaf to the real problem. "This problem is not with Forbes, it's their ad network's responsibility. Forbes is operating on trust that its ad providers are keeping their networks clean, and they clearly aren't if Forbes, DailyMotion, MSN, Yahoo, plus that bastion of clickbait, the Daily Mail, are all getting hit in a short period of time." They think most user running ad blockers just to make the ads to go away. What this malvertising issue is doing is causing lots of folks to stop trusting ads, period. Once that trust is broken, good luck getting it back! Just "trust us", they say!!!
DAW: CbB; Sonar Platinum, and others ...
|