Fake Browser Warning Pages Distribute Malware
Security researchers warn that a new malware distribution campaign uses fake versions of the malicious site warnings commonly displayed by Firefox and Google Chrome.
Both Chrome and Firefox tap into Google’s Safe Browsing service in order to check if the accessed URLs are known attack sites.
If such malicious pages are detected, both browsers block them and display warning messages.
In such circumstances users are normally given the option to either leave the site or override the block and continue to load the page.
The pages look exactly the same as the real thing, except for a button that reads “Download Updates,” suggesting that security patches are available for the browsers.
The executable files served when these buttons are pressed install rogue antivirus programs, which try to scare users into paying a license fee.
Such attacks target vulnerabilities in outdated versions of popular software like Java, Flash Player, Adobe Reader or even the browsers themselves.
Successful exploitation results in malware being installed on the target computer in a way that is completely transparent to the victim.
Users are advised to keep their antivirus programs up to date and if possible to use script-blocking technologies available to their browsers, such as the NoScript extension for Firefox.
adapted via news.softpedia.com