Fake FF Update

Printable View

July 28th, 2010, 08:49 PM
nihil

Fake FF Update

There is a fake FireFox update doing the rounds:

http://news.yahoo.com/s/zd/20100728/tc_zd/253167

Would you buy a flash player from this man? :D
July 29th, 2010, 10:25 PM
westin

At first, I thought maybe there was an evilgrade module for it. It is amazing how much money there is in rogue AV software. I saw a report today saying that most people don't even try to contest the fraudulent charges...
July 30th, 2010, 12:15 PM
nihil

Quote:

I saw a report today saying that most people don't even try to contest the fraudulent charges...

Well, I suppose they were sucked in to start with and don't know it?

I guess there is a case for licences for paid AV vendors?
July 30th, 2010, 01:39 PM
HYBR|D

ggrrr why'd they blur out the url bar.

me keeps diggin..
July 30th, 2010, 01:50 PM
JPnyc

this is actually devilishly clever. Despicable, but clever.
July 30th, 2010, 02:03 PM
HYBR|D

Quote:

Originally Posted by JPnyc

this is actually devilishly clever. Despicable, but clever.

It's been done a few times in the past, people even go as far as submitting corrupt "Addons" and because when a developer submits an addon it automatically is allowed to be downloaded by users, but it carries a Warning message on the addon's description page, then once it's reviewed by the mozz dev's if it's found to be a "Corrupt" addon it get's removed straightaway, if it's clean then the warning message get's removed from the description page.

So the Attackers get a few hours/days to get there addon installed by as many "Victims" as they can get to install it before the addon get's pulled.

Turns out the url "Was" hxxp://www.newfirefoxonline.com :p
July 30th, 2010, 09:08 PM
nihil

I guess that is one of the "beauties" of open source..............it is based on trust?....................actually the whole of computing and the internet is as well...............

Shame about the scumbags isn't it? :mad:

Things have changed one hell of a lot since I wrote my first program in 1970:eek:
July 31st, 2010, 04:12 AM
HYBR|D

<offtopic>

What was the program Johnno? 1970.... punch cards would of been involved?
July 31st, 2010, 05:12 PM
nihil

Yes, 80 column punched cards.............you submitted your job deck and waited 3 days to see what happened? :D

The first program was converting Fahrenheit/Centigrade, and the next one was all prime numbers up to 10,000.............

No "Hello World" back then :cool:
August 1st, 2010, 03:12 AM
HYBR|D

When you submitted the deck, what was done with it? Was it put into some special machine?

What happened if there was a mistake? Would you need to start from scratch and try with a new batch of cards?

was the 3 day waiting period due to low spec input machine, or due to the que being so long?
August 2nd, 2010, 07:36 AM
Cider

Sorry to get back to the original thread Hybrid :)

How can people submit malicious addons and become immediately availble even before someone from Mozilla will test it. This is surely a huge flaw?
August 2nd, 2010, 10:38 AM
HYBR|D

hey Cider..

when browsing the addons area https://addons.mozilla.org/en-US/firefox you will notice that when the addons are approved there is a Green "Add to Firefox" button, if the "Add to Firefox" button is Yellow and has something along the lines of "Hasn't been approved by Mozilla" and caries a warning about un-signed extensions can be harmful etc etc

when there yellow it means they haven't been reviewed by Mozilla so alot of malware/spware writers are using this Timeframe to upload a malicious addon thay may or maynot work and to get as many people to install the addon before it get's Reviewed and removed from the addon site.
August 3rd, 2010, 04:00 PM
wasarus

just fake
August 4th, 2010, 07:42 AM
Cider

Quote:

Originally Posted by HYBR|D

hey Cider..

when browsing the addons area https://addons.mozilla.org/en-US/firefox you will notice that when the addons are approved there is a Green "Add to Firefox" button, if the "Add to Firefox" button is Yellow and has something along the lines of "Hasn't been approved by Mozilla" and caries a warning about un-signed extensions can be harmful etc etc

when there yellow it means they haven't been reviewed by Mozilla so alot of malware/spware writers are using this Timeframe to upload a malicious addon thay may or maynot work and to get as many people to install the addon before it get's Reviewed and removed from the addon site.

Thanks for the clarification.

Good ol opensource :)
August 4th, 2010, 08:30 PM
nihil

Hmmm,

Quote:

Good ol opensource :)

As the saying goes: "caveat emptor" (let the buyer beware).

The way I look at it, running unchecked plugins is a bit like running alpha and beta software in a production environment?................a wise person doesn't do it.

That's why we have standalone "labrats" or "crash test dummies" Load them up to their gizzards with AV and antimalware, firewall and either a sandbox or VM. Personally, as I tend to use older hardware, I go for the sandbox, as VM tends to be rather resource demanding.
August 8th, 2010, 09:42 PM
Cider

Agreed but the home user doesnt know whats happening :P

I suppose they should read the disclaimer

I get so irratated when supporting "old people" because they want to READ everything which I suppose is the correct way.