Thinking of updating your web browsers? Just make sure that you download from legitimate sources, instead of downloading malware disguised as browser updates onto your system.
Just recently, we were alerted to a report of several websites offering updates for Internet browsers such as Firefox, Chrome, and Internet Explorer, to name a few. Users may encounter these pages by clicking malicious ads.
The bad guys behind this threat made an effort to make this ruse appear legitimate. These pages were made to look like the browsers’ official sites. To further convince users to download the fake update, the sites even offer integrated antivirus protection.
Instead of an update, users download malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload.
My colleague Bob Pan attempted to access the related sites via mobile devices. Most of his attempts resulted in an error prompt, except when he used devices running Android version 2.3+, on which he was able to download the same file downloaded via a system.
Using feedback from the Smart Protection Network™, we uncovered that as of Nov. 23, 2012, France has the highest number of infections, followed by the United States and Spain.
|Country||Number of Infection|
Software vendors release updates regularly to ensure that users get the latest features and improvements. Unfortunately, cybercriminals may use this as a social engineering lure to hook users into downloading malware. It doesn’t help that they make an effort to have their bogus sites look exactly like the real deal. Last October, we were alerted to legitimate-looking sites offering fake updates for Adobe, detected as TSPY_FAREIT.SMC.
To avoid this ruse, users must exclusively download updates from a legitimate source or the software vendor’s official websites. Many browsers also include an integrated auto-update feature. Users should also avoid clicking ads or visiting unknown URLs.
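One way to apply this advice to an update link before anything is downloaded, as an added example that is not part of the original post: the allowlist contents, the function name `check_update_url` and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a defender-maintained allowlist of vendor domains. Narrow an
# entry to exact download hosts if the vendor domain also serves user content.
OFFICIAL_DOMAINS = {
    "firefox": {"mozilla.org"},
    "chrome": {"google.com"},
    "internet explorer": {"microsoft.com"},
}

def check_update_url(browser, url):
    """Return (ok, reason) for a link that claims to be a browser update."""
    allowed = OFFICIAL_DOMAINS.get(browser.lower())
    if not allowed:
        return False, "unknown browser"
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # "https://vendor.org@other.example/" shows the vendor name to the user
    # but actually connects to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    if not host:
        return False, "no host"
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host"
    for domain in allowed:
        # Match on a label boundary, so "mozilla.org.update.example" and
        # "xmozilla.org" do not pass as "mozilla.org".
        if host == domain or host.endswith("." + domain):
            return True, "official domain " + domain
    return False, "host not on allowlist"

if __name__ == "__main__":
    samples = [  # constructed sample links
        ("firefox", "https://download.mozilla.org/?product=firefox-latest"),
        ("firefox", "https://mozilla.org.browser-update.example/setup.exe"),
        ("chrome", "https://www.google.com@update.example/chrome.exe"),
    ]
    for browser, url in samples:
        print(browser, url, check_update_url(browser, url))
```

A passing result only says the link points at the vendor's domain; checking the installer's digital signature after download remains a separate step.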
Trend Micro Smart Protection Network™ protects users from this threat by blocking access to these malicious sites. It also detects and deletes JS_DLOADR.AET and TROJ_STRATPA.AET if found on a user’s system.