|
An e-mail is circulating as a FireFox Update e-mail which appears to be from Mozilla Foundation, the maker of web browser FireFox. The email is sent massively with the title of ‘New Version Released' and from email addresses ending in @firefox.com , as shown in image 1:
Image 1 (Source: Naked Security)
In this message, users are requested to click on the link to update to the new version of FireFox. According to Sophos, when users click on the link, it downloads an executable file which bundles together an installer for Mozilla FireFox 5.0.1 and a password stealing Trojan named as Troj/PWS-BSF.
It must be noted that Mozilla FireFox does not send update notices via emails and FireFox automatically updates itself by default. CERT-MU advises users not to click on any links if they have received such emails. Users can download the latest version of FireFox directly from Mozilla or they can upgrade to the new versions by waiting for the automated update notification or by manually selecting "Check for updates" from the Help Menu.
For more information, visit the following links:
http://www.thinq.co.uk/2011/8/8/fake-firefox-fix-hides-password-filching-trojan/
http://nakedsecurity.sophos.com/2011/08/08/fake-firefox-update-email-malware/
Source:
Sophos – Naked Security
http://nakedsecurity.sophos.com/2011/08/08/fake-firefox-update-email-malware/
The H Security
http://www.h-online.com/security/news/item/Fake-Firefox-update-includes-password-stealing-trojan-1319477.html
Softpedia
http://news.softpedia.com/news/Fake-Firefox-Update-Emails-Carry-Malware-215720.shtml
Disclaimer The information provided herein is on "as is" basis, without warranty of any kind.
|
