Fake Browser Updates Deliver Malware
Instead of a browser update, the download contains a Windows Trojan.
According to a recent alert from StopMalvertising.com, cybercriminals are leveraging the announcement of recent Chrome and Firefox browser updates to distribute malware.
"Internet users are told that their current browser version is out of date and they are invited to install the latest update," the alert states. "Victims are redirected to securebrowserupdate.com via a malvertisement. The domain securebrowserupdate.com has been registered on the 16th November 2012 via name.com. The registrant details are protected by a privacy service."
"To make the scam appear genuine, the software behind the pop-up window can typically determine which browser is in use at the time," writes CRN's Ken Presti. "A number of options are presented for update, but none of the identifiers match current versions of either browser."
"The Trojan will change the browser’s home page to a site hosting additional malware, putting the user at further risk," writes Threatpost's Michael Mimoso.