Warning out vs 'browser update' malware

Computer users were warned Saturday (Manila time) against new malware posing as so-called updates for their browsers.

 

Security firm GFI Labs said the latest batch of malware is hosted on a "dot-org" site that serves as a scam launchpad.

 

"(It) notifies users/visitors that their '…browser is out of date. We recommend to update it. The new browser version will protect your computer from different internet-dangers and make it safer,'" it said in a blog post.

 

GFI said the notice contains the logo of Mozilla's Firefox browser, and the familiar “webpage supposedly scanning your system” splash similar to rogue AV pages.

 

The notice then prompts users to install the malicious file, update.exe, which GFI Labs detects as Trojan.Win32.Generic!BT.

 

"Running this executable allows the download and installation of a program called Driver, which creates a folder named Driver before dropping two files in it: uninstall.exe and app.exe."

 

It said the app.exe file is malicious and is detected as Trojan-Spy.MSIL.Popclik.A.

 

When app.exe runs, an Internet browser window/tab opens to direct users to various survey pages.

 

Minutes after the said pages load, this executable connects to various websites to download and install random programs, some of which may be legitimate.

 

"(The file) app.exe executes whenever the infected system starts Windows, enabling it to download and install new programs that are potentially harmful to the already infected system," GFI said. — TJD, GMA News