Malware attempting a new trick

thathagat

Watch out for Firefox warnings... :eek:

Reported Attack Site! - Security Tool's Latest Trick

Riding on Firefox's ability to block attack sites, Security Tool, a rogue antivirus application, is attempting a new trick. It wasn't too long ago when it utilized the Firefox Update Flash feature to push its wares.
This time, when an unsuspecting user visits the page, it gets a very authentic-looking Firefox block page.
 

Thanks for the warning...
 

Thanks for the warning from me too!

-DG
 

Reported Attack Site! - Security Tool's Latest Trick

Riding on Firefox's ability to block attack sites, Security Tool, a rogue antivirus application, is attempting a new trick. It wasn't too long ago when it utilized the Firefox Update Flash feature to push its wares.

This time, when an unsuspecting user visits the page, it gets a very authentic-looking Firefox block page.

1-blockpage.PNG


But, this is no ordinary block page. It is special in the sense that it offers a download that you can install to update your browser!

2-blockpagewithsaveas.PNG


Brilliant right? So yeah, an unsuspecting user may end up downloading the ff_secure_upd.exe file and installing the rogue AV.

Actually… If scripts are enabled in your browser, you don't even need to click on the "Download Updates!" button. It will just offer the Rogue to you:
More -
Reported Attack Site! - Security Tool's Latest Trick - F-Secure Weblog : News from the Lab
 

Thanks for posting this. I recently started using Firefox. I really wasn't interested, but I'm enjoying the speed benefits, especially playing Texas hold'em poker.

I will definitely look into that.
 

Looks vaguely familiar.
 

Those damn sneaky heads!

Thx for the tip.
 

Notice none of the examples are using Windows 7. I don't think those rogues are much of a threat to any but the dumbest of 7 users.
 
Public hangings are in order here. Thanks for the update.
 

Hah, clever, but I don't use that block feature, it gets in my way.
 

My friend came across that webpage at school. I don't know how, because he was just on Google, because it just popped up. Anyway, we tried to navigate away from the page but Firefox froze and crashed. After that he just reopened Firefox and it worked fine. I have no idea if the malware made it onto the network because the computer worked fine after the attack.
 

I saw one

I saw one of these the other day.

I thought that it was strange because it included a link for AV software.
I didn't go to the site or click on the link.

This would be a "great" way to hold web sites hostage.
Instead of flooding their server, you make this warning appear and lots of people won't go to the site. :mad:
"Pay us to fix your web site."
 