
Firefox Patch Malware



I and others are receiving a full-screen popup window in Firefox (47.0.1) indicating that there is an emergency Firefox security patch that needs to be downloaded. The download window shows an https:// address with a binary file typically in the mid 300k size. A search on whois shows the address to be bogus. Norton Security Suite, Malwarebytes and M-AntiExploit are not picking up on this. I have noticed this twice so far and each time the "download" address and size are different. Are you aware of this problem and is mediation in the works? I've attached a copy of one of the download links. Thanks.

7-3-2016 8-42-48 AM.jpg


That is Social Engineering. While Social Engineering is the Human Exploit, MBAE targets software exploits. As far as the functionality of the site is concerned, it is normal and not using software exploitation as a part of its malvertisement process.

However, Malwarebytes' Anti-Malware (MBAM) targets firefox-patch.exe and it should detect the file. Prior versions...

MBAM detects as "Trojan.Injector"
https://www.virustotal.com/en/file/71d4221efe4948e9d276c29313f15f637bb38104b4bffbb824ff2951fce1247c/analysis/

MBAM detects as "Trojan.Kovter"
https://www.virustotal.com/en/file/57b6b34dd4e78ed865319cf449c6292969462d24354b6c4f1186806c77b6500c/analysis/1467992523/

MBAM detects as "Ransom.Cerber"
https://www.virustotal.com/en/file/83a1b453180dd7ebbf9d47283312cf4e216a132f70df5a6bcc9bbb5eb997d1b8/analysis/

MBAM detects as "Trojan.PasswordStealer"
https://www.virustotal.com/en/file/bdafdac006f239a5cafbd6ca8f82ae132ca80056b796f03c85f4b744b1871bfa/analysis/1467252911/

MBAM detects as "Backdoor.Cerber"
https://www.virustotal.com/en/file/96219c4161a0d8b3f90e4d4032da6299d8bb7200a3c53874d4b2a6e2219b603c/analysis/1467339301/

 

If you find an undetected sample then please submit it in Newest Malware Threats after reading the following on how to provide sample submissions such that MBAM can detect targeted but presently undetected threats.

Malware hunters please read
Purpose of this forum
Malware Hunters group
 

 

Edited by David H. Lipman