Fake Firefox update email - don't click, or you may have your passwords stolen

Filed Under: Firefox, Malware, Spam

Fake FirefoxAlthough we see some very sneaky social engineering tricks used by scammers and cybercriminals on occasions, designed to trick users into making unwise decisions, we also see some very basic attempts at online crime.

Take, for instance, this email which was spammed out this weekend pretending to be an advisory about a new update to the popular Firefox web browser.

Hopefully no regular reader of Naked Security would fall for it.

Fake Firefox update email

Subject: New version released.

Message body:

Important notice
A Firefox software update is a quick download of small amounts of new code to your existing Firefox browser. These small patches can contain security fixes or other little changes to the browser to ensure that you are using the best version of Firefox available. Firefox is constantly evolving as our community finds ways to make it better, and as we adjust to the latest security threats. Keeping your Firefox up-to-date is the best way to make sure that you are using the smartest, fastest and . most importantly . safest version of Firefox available. A Firefox update will not make any changes to your bookmarks, saved passwords or other settings. However, there is a possibility that some of your Add-ons won.t be immediately compatible with new updates.
For security reasons please update your firefox version now

There are no surprises here. The link downloads an executable file, which bundles together an installer for Mozilla Firefox 5.0.1 and... a password-stealing Trojan horse.

Sophos already detected the Trojan horse as Troj/PWS-BSF.

Our labs have also added detection for the actual bundle itself, which we're identifying as Troj/Mdrop-DPO.

You should always exercise caution when you're asked to click on a link in an unsolicited email.

And, in particular, don't forget that Firefox automatically updates itself - so you should never have to act upon an email like this. If you want to manually look for the latest update, simply open Firefox and go to the Help menu and select About Firefox.

Here's a link to Mozilla's website, where you can download the real latest version of Firefox.

, , ,

You might like

10 Responses to Fake Firefox update email - don't click, or you may have your passwords stolen

  1. Bbygrl · 1527 days ago

    not surprised that someone would try to hit firefox....at least if you look closely at the email you can tell it was not sent by Mozilla

  2. ElricE · 1527 days ago

    When will they ever learn..... sad thing is, the same idiots who actually believe their bank would contact them by email asking them to change the log-in details/password will likely be sucked in by this one as well....

    When will we see international laws and jurisdiction on this one - policed by Interpol and co-operating authorities - so that these mongrels can't find safety on foreign soil!

    • Maurice · 1526 days ago

      NEVER! And that's the sad truth, Ruth!

      Scripts kiddies, 419 Scam Artists, and other flakes for want of anything more moral to do with their time will always be PITAs!

      Count on it!

      Eternal Vigilance!

    • Internaut · 1201 days ago

      I know the response by you is old, but the issue is not.

      We can't move forward and expect people to, learn, trust, or respect anyone, or these 'Replies' if they are always being deemed, labeled, and convicted of being an "idiot".

      Instead of flaming those that don't match one's own experience or self-proclaimed expertise, reach out and help them or, as My Mother would say... "It's best to sit there with your mouth shut and look stupid, than to open it and remove all doubt."

      Just because people don't have the same level of intelligence you think you do, doesn't make them an "idiot"

      Be nice.. and have a nice day.


  3. baby · 1526 days ago

    Any browser doesn't send an e-mail to tell you that they released a new version.such as avant browser ,firefox ,chrome ,ie ...and so on .
    They will inform you that you should update your browser version when you start it
    You should be careful when you receive an e-mail which lets you update software.Maybe it is a virus

    • Xtream · 1520 days ago

      Correction. Dolphin HD browser for android phones does email to inform of browser updates. They ask you to download it as apk file. But you can always scan before downloading it or better yet just pick it up on the market .

  4. Boris · 1526 days ago

    Thanks for the information you provide about Firefox. Previously I did not know about this information, in accordance with your story when there is a command to download Firefox, I click the command. But what happens is my laptop Firus exposed, and it makes me upset. Now I understand why I often get the virus from the internet. And I will follow your suggestion to download the latest version of Firefox through the correct link.

  5. bobce · 1523 days ago

    Is the email address really from 'firefox.com'?

    • Anon · 1476 days ago

      Forging a "From" address is easy - you'd have to look at the full headers to tell.

      That's one of the spam prevention tools that's typically used by e-mail providers to filter phishing and scams. If you look in your GMail spam folder and find a phishing message, you might see a red bar at the top warning you that it may not be from who it claims to be from. When you look at the headers you'll probably find that GMail inserted something like "xxx.xxx.xxx.xxx is not a permitted sender for firefox.com", where the IP address is the one listed in the originating-server header.

  6. sarathurston · 1518 days ago

    An update window popped up and I clicked it -- but immediately realized it wasn't a real software update and cancelled. Is it too late?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley