Malware Pushers Abuse Firefox Warning Page


This is a pretty neat attack from the malware pushes leveraging on the ignorance of the average user – which in all honestly is a safe bet most of the time! You could consider it a Social Engineering attack as it’s taking something that’s familiar and changing it to deliver malware.

I’m sure all the Firefox users reading have at some point or another been faced with the warning screen that tells you a site is not safe to visit, the red page which states in big white letters “Reported Attack Page!”.

Hackers have subverted warnings generated by Firefox about dangerous sites to punt fake anti-virus portals.

Surfers straying onto a web page offering the “Security Tool” rogue anti-virus are offered a warning page that convincingly mimics the genuine Firefox block page. The site offers supposed updates for Mozilla’s technology that are actually scareware packages.

If Windows users apply these updates they will be falsely warned that their system is infected and continuously nagged into buying worthless scareware packages that serve only to line the pockets of cyber-scammers.

The rogue application will automatically attempt to install itself on the machines of prospective marks in cases where scripts are enabled, net security firm F-Secure warns.

Personally I’d say this attack would be pretty effective, my only question would be – how would the user land on that site in the first place? I guess through the normal channels (e-mail spam, facebook wall worms and so on).

After landing the user would realize they’ve been spammed/scammed and see the Firefox warning…then download the ‘security update’ and install it – unknowingly pwning themselves in the process.


Firefox’s genuine attack warning technology is all server-side and never requests that users download updates. The attack relies, in part, on the ignorance of the majority of potential victims on this point.

The attack is a rare but not unprecedented attempt by malware slingers to use Firefox features to push their wares. Previous attacks by the same gang have involved tricking users into downloading scareware in the guise of a supposed Firefox/Flash update.

The malware is offered from a page designed to trick Firefox users into thinking their browser software has just been updated but that they still need to apply a Flash Player patch, which is actually a rogue anti-virus installation utility. The sneaky tactic, first spotted back in July, is explained in more detail in a blog post by F-Secure.

It just goes to show the bad guys are pretty creative when it comes to new ways to trick people into installing their malware, I wonder what we’ll see next?

The full entry by F-Secure can be seen here:

Reported Attack Site! – Security Tool’s Latest Trick

Source: The Register

Posted in: Malware, Social Engineering, Spammers & Scammers

, , ,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


One Response to Malware Pushers Abuse Firefox Warning Page

  1. Jeff Singleton October 22, 2010 at 2:20 am #

    “The attack relies, in part, on the ignorance of the majority of potential victims on this point.”

    Yep…Nailed it with that one sentence!