RSS Alerts

Related Links

  • Mozilla
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Mozilla moves swiftly to patch SSL loophole in Firefox
    Programmers with the Mozilla Foundation have moved rapidly to patch one of the two SSL security flaws in web browsers, such as Firefox, identified by researchers at the Black Hat security briefings in Las Vegas late last week.
  • Firefox' reputation takes a battering on the security front
    The reputation of Mozilla's popular Firefox web browsing software - now into version 3.5 - took a battering this week as the Secunia security research advisory team revealed a flaw in the way the browser handles Javascript calls.
  • Internet Explorer, Firefox and Safari hacked within hours
    This year's CanSecWest, held in Vancouver, British Columbia, opened on Wednesday, with the main focus of the cracking contest being on mobile phones.
  • Search for security
    With more than 30 000 web pages being infected every day, search engine results could increasingly lead to malware infection. Kari Larsen asks what the search engines are doing to mitigate security threats, and how users can protect themselves.
  • Fake virus, worm and malware alerts target online shoppers
    With Thanksgiving out of the way in the US, and monthly salary earners having just been paid, online shopping has been soaring this week but, says Webroot, the IT security vendor, criminal malware authors are now targeting e-shopping in earnest with a variety of attacks.

News

Fake Mozilla Firefox download email fools users

05 February 2010

The Mozilla Foundation, the organisation behind the popular Firefox web browser application, has issued a warning of a fake update email doing the rounds

The email, which purports to route to an update of the browser – which has been downloaded by several tens of millions of PC users worldwide since the last update on January 21 – actually routes to an adware-infested site.

According to Firefox user forum reports, the 'update site' is a very clever forgery that can fool even the most experienced Windows users.

Mozilla is recommending that users of Firefox do not respond to update emails directly and instead go to the main update page routed in the help menu dropdown on their browser, and update from there.

The fake email can also be spotted by the fact that the landing page advertises Firefox v3.5, when the latest version is actually v3.6, and there are mis-spellings – such as the words `anti-pishing' in the header of the message.

The adware-infested landing page routes to a Hotbar download from Pinball Corporation, previously known as Zango, which, whilst ostensibly allowing users access to direct links to a variety of useful pages, also reportedly bombards them with pop-up ads.

The reasoning behind the fake Firefox 'update' emails is that pay-per-install affiliate schemes can pay as much as a dollar per install for adware-driven apps such as Hotbar, which in turn generate revenue from pay-per-click advertisers.
 

 

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water