Sophos Cloud Optix
Although we see some very sneaky social engineering tricks used by scammers and cybercriminals on occasions, designed to trick users into making unwise decisions, we also see some very basic attempts at online crime.
Take, for instance, this email which was spammed out this weekend pretending to be an advisory about a new update to the popular Firefox web browser.
Hopefully no regular reader of Naked Security would fall for it.
Subject: New version released.
Message body:
Important notice
A Firefox software update is a quick download of small amounts of new code to your existing Firefox browser. These small patches can contain security fixes or other little changes to the browser to ensure that you are using the best version of Firefox available. Firefox is constantly evolving as our community finds ways to make it better, and as we adjust to the latest security threats. Keeping your Firefox up-to-date is the best way to make sure that you are using the smartest, fastest and . most importantly . safest version of Firefox available. A Firefox update will not make any changes to your bookmarks, saved passwords or other settings. However, there is a possibility that some of your Add-ons won.t be immediately compatible with new updates.
For security reasons please update your firefox version now
[LINK]
There are no surprises here. The link downloads an executable file, which bundles together an installer for Mozilla Firefox 5.0.1 and… a password-stealing Trojan horse.
Sophos already detected the Trojan horse as Troj/PWS-BSF.
Our labs have also added detection for the actual bundle itself, which we’re identifying as Troj/Mdrop-DPO.
You should always exercise caution when you’re asked to click on a link in an unsolicited email.
And, in particular, don’t forget that Firefox automatically updates itself – so you should never have to act upon an email like this. If you want to manually look for the latest update, simply open Firefox and go to the Help menu and select About Firefox.
Here’s a link to Mozilla’s website, where you can download the real latest version of Firefox.
not surprised that someone would try to hit firefox….at least if you look closely at the email you can tell it was not sent by Mozilla
When will they ever learn….. sad thing is, the same idiots who actually believe their bank would contact them by email asking them to change the log-in details/password will likely be sucked in by this one as well….
When will we see international laws and jurisdiction on this one – policed by Interpol and co-operating authorities – so that these mongrels can't find safety on foreign soil!
NEVER! And that’s the sad truth, Ruth!
Scripts kiddies, 419 Scam Artists, and other flakes for want of anything more moral to do with their time will always be PITAs!
Count on it!
Eternal Vigilance!
I know the response by you is old, but the issue is not.
We can’t move forward and expect people to, learn, trust, or respect anyone, or these ‘Replies’ if they are always being deemed, labeled, and convicted of being an “idiot”.
Instead of flaming those that don’t match one’s own experience or self-proclaimed expertise, reach out and help them or, as My Mother would say… “It’s best to sit there with your mouth shut and look stupid, than to open it and remove all doubt.”
Just because people don’t have the same level of intelligence you think you do, doesn’t make them an “idiot”
Be nice.. and have a nice day.
I
Any browser doesn’t send an e-mail to tell you that they released a new version.such as avant browser ,firefox ,chrome ,ie …and so on .
They will inform you that you should update your browser version when you start it
You should be careful when you receive an e-mail which lets you update software.Maybe it is a virus
Correction. Dolphin HD browser for android phones does email to inform of browser updates. They ask you to download it as apk file. But you can always scan before downloading it or better yet just pick it up on the market .
Thanks for the information you provide about Firefox. Previously I did not know about this information, in accordance with your story when there is a command to download Firefox, I click the command. But what happens is my laptop Firus exposed, and it makes me upset. Now I understand why I often get the virus from the internet. And I will follow your suggestion to download the latest version of Firefox through the correct link.
Is the email address really from 'firefox.com'?
Forging a "From" address is easy – you'd have to look at the full headers to tell.
That's one of the spam prevention tools that's typically used by e-mail providers to filter phishing and scams. If you look in your GMail spam folder and find a phishing message, you might see a red bar at the top warning you that it may not be from who it claims to be from. When you look at the headers you'll probably find that GMail inserted something like "xxx.xxx.xxx.xxx is not a permitted sender for firefox.com", where the IP address is the one listed in the originating-server header.
An update window popped up and I clicked it — but immediately realized it wasn't a real software update and cancelled. Is it too late?