X
Tap here to go to the mobile version of the site.

Support Forum

why am i getting a firefox-patch.js from yiomolibertyreserve.org?? is this legit??

Posted

got a screen popping up saying there is an urgent firefox update and a button to download now. the patch window opens on top of it... firefox-patch.js which is a javascript file from : https//yiomolibertyreserve.org it asks if i want to save it. https://yiomolibertyreserve.org/7571196957168/a12d822d5bffd48d6ca7139f4bc0ef4c.html (in address bar) is this legit? do i need to save it or what??

got a screen popping up saying there is an urgent firefox update and a button to download now. the patch window opens on top of it... firefox-patch.js which is a javascript file from : https//yiomolibertyreserve.org it asks if i want to save it. https://yiomolibertyreserve.org/7571196957168/a12d822d5bffd48d6ca7139f4bc0ef4c.html (in address bar) is this legit? do i need to save it or what??

Chosen solution

This is malware. Firefox does not update using such a method.

Note there will shortly be a genuine upgrade to Firefox 48. Using a blocker such as ublock origin may help prevent such problems.

If you have downloaded and clicked on or run such malware please post back for further advice.


P.S. Please also see

Read this answer in context 48

Additional System Details

Installed Plug-ins

  • GEPlugin
  • Version 5.41.3.0
  • Google Update
  • The plugin allows you to have a better experience with Microsoft Lync
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 22.0 r0
  • Unity Player 5.0.3f2
  • WildTangent Games App V2 Presence Detector

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0

More Information

John99 971 solutions 13138 answers

Chosen Solution

This is malware. Firefox does not update using such a method.

Note there will shortly be a genuine upgrade to Firefox 48. Using a blocker such as ublock origin may help prevent such problems.

If you have downloaded and clicked on or run such malware please post back for further advice.


P.S. Please also see

This is malware. Firefox does not update using such a method. * See [[Update Firefox to the latest version]] Note there will shortly be a genuine upgrade to Firefox 48. Using a blocker such as ublock origin may help prevent such problems. * https://addons.mozilla.org/firefox/addon/ublock-origin/ If you have downloaded and clicked on or run such malware please post back for further advice. -------- P.S. Please also see * [[I found a fake Firefox update]]

Modified by John99

Helpful Reply

thank you for getting back to me!! i have to admit this looked like the real deal and i was very tempted to click on it thinking that it was from mozilla-firefox. it even had the "firefox automatically sends some data to mozilla so that we can improve your experience." at the bottom of the page along with the "choose what i share" button. just sayin' it really looked legit other than the fact that it popped up up out of nowhere... thanks again!!

thank you for getting back to me!! i have to admit this looked like the real deal and i was very tempted to click on it thinking that it was from mozilla-firefox. it even had the "firefox automatically sends some data to mozilla so that we can improve your experience." at the bottom of the page along with the "choose what i share" button. just sayin' it really looked legit other than the fact that it popped up up out of nowhere... thanks again!!
James
  • Moderator
1594 solutions 11232 answers

sylentdiva said

thank you for getting back to me!! i have to admit this looked like the real deal and i was very tempted to click on it thinking that it was from mozilla-firefox. it even had the "firefox automatically sends some data to mozilla so that we can improve your experience." at the bottom of the page along with the "choose what i share" button. just sayin' it really looked legit other than the fact that it popped up up out of nowhere... thanks again!!

You noticed the page in thinking it looked like it could be official yet the weird name of the yiomolibertyreserve url did not raise any red flags for you?.

Mozilla does not need to host anything updates/downloads for desktop Firefox related outside of a *.mozilla.org url.

Every one of these disposable Firefox patch scam sites have had a weird name. https://support.mozilla.org/en-US/forums/contributors/712056

''sylentdiva [[#answer-899682|said]]'' <blockquote> thank you for getting back to me!! i have to admit this looked like the real deal and i was very tempted to click on it thinking that it was from mozilla-firefox. it even had the "firefox automatically sends some data to mozilla so that we can improve your experience." at the bottom of the page along with the "choose what i share" button. just sayin' it really looked legit other than the fact that it popped up up out of nowhere... thanks again!! </blockquote> You noticed the page in thinking it looked like it could be official yet the weird name of the yiomolibertyreserve url did not raise any red flags for you?. Mozilla does not need to host anything updates/downloads for desktop Firefox related outside of a *.mozilla.org url. Every one of these disposable Firefox patch scam sites have had a weird name. https://support.mozilla.org/en-US/forums/contributors/712056
deedeec 0 solutions 1 answers

How do we stop the pop-up? I've been canceling it, but it is still randomly popping up on my browser. I've searched my computer for the "firefox-patch.js" and I am not finding it. Trying to delete it.

How do we stop the pop-up? I've been canceling it, but it is still randomly popping up on my browser. I've searched my computer for the "firefox-patch.js" and I am not finding it. Trying to delete it.
John99 971 solutions 13138 answers

This is normally something external.

Possibly the malverts involved are somehow able to fingerprint and target particular categories of victims, possibly partly in a manner not dissimilar from the way other adverts will be targeted at what are your perceived interests.

By using some sort of script or adblocker you probably reduce the chance of seeing these fake update requests.

This is normally something external. Possibly the malverts involved are somehow able to fingerprint and target particular categories of victims, possibly partly in a manner not dissimilar from the way other adverts will be targeted at what are your perceived interests. By using some sort of script or adblocker you probably reduce the chance of seeing these fake update requests. * For instance ublock origin https://addons.mozilla.org/firefox/addon/ublock-origin
rdwray 2 solutions 38 answers

The problem with trying to block this thing is that it just changes to a new URL. The best that can be done is to keep causing the websites to be shut down, send the following info to abuse@trellian.com Date Time URL Image of the page with the download popup; I use a snipping tool to cut the relative section of the page and paste it into the email.

The problem with trying to block this thing is that it just changes to a new URL. The best that can be done is to keep causing the websites to be shut down, send the following info to '''abuse@trellian.com''' Date Time URL Image of the page with the download popup; I use a snipping tool to cut the relative section of the page and paste it into the email.
James
  • Moderator
1594 solutions 11232 answers

rdwray said

The problem with trying to block this thing is that it just changes to a new URL. The best that can be done is to keep causing the websites to be shut down, send the following info to abuse@trellian.com Date Time URL Image of the page with the download popup; I use a snipping tool to cut the relative section of the page and paste it into the email.

The sites are registered the day before and then only used for about a day anyways.

''rdwray [[#answer-921241|said]]'' <blockquote> The problem with trying to block this thing is that it just changes to a new URL. The best that can be done is to keep causing the websites to be shut down, send the following info to '''abuse@trellian.com''' Date Time URL Image of the page with the download popup; I use a snipping tool to cut the relative section of the page and paste it into the email. </blockquote> The sites are registered the day before and then only used for about a day anyways.
rdwray 2 solutions 38 answers

It looks like there should be a way to block with the page text because this is the only common thing, it always comes through with "Urgent Firefox update". They may change the text, but it would take a while for the "punk" to catch on.

I would still like to know how this is happening, what on my computer is letting the hacker overwrite another website?

It looks like there should be a way to block with the page text because this is the only common thing, it always comes through with "Urgent Firefox update". They may change the text, but it would take a while for the "punk" to catch on. I would still like to know how this is happening, what on my computer is letting the hacker overwrite another website?

Modified by rdwray

stepan1 1 solutions 7 answers

FYI: I only get this scam splash screen when visiting conservative news Websites such as Fox news or Breitbart.

FYI: I only get this scam splash screen when visiting conservative news Websites such as Fox news or Breitbart.
rdwray 2 solutions 38 answers

I get it random, sometimes weeks apart and sometimes two days in a row.

I get it random, sometimes weeks apart and sometimes two days in a row.
stepan1 1 solutions 7 answers

The timing of the fake Firefox updates is random, but it is always from visiting conservative news online.

The timing of the fake Firefox updates is random, but it is always from visiting conservative news online.
rdwray 2 solutions 38 answers

stepan1 said

The timing of the fake Firefox updates is random, but it is always from visiting conservative news online.

Maybe for you, but not for me. The problem is with FF or it would not be happening; reputable websites do not spread malware. They keep thinking they are protecting against attacks with all the changes the make to FF but they don't seem to have a clue as to how these attacks are happening. FF has a bug...

''stepan1 [[#answer-921364|said]]'' <blockquote> The timing of the fake Firefox updates is random, but it is always from visiting conservative news online. </blockquote> Maybe for you, but not for me. The problem is with FF or it would not be happening; reputable websites do not spread malware. They keep thinking they are protecting against attacks with all the changes the make to FF but they don't seem to have a clue as to how these attacks are happening. FF has a bug...
John99 971 solutions 13138 answers

rdwray said

stepan1 said
The timing of the fake Firefox updates is random, but it is always from visiting conservative news online.

Maybe for you, but not for me. The problem is with FF or it would not be happening; reputable websites do not spread malware. They keep thinking they are protecting against attacks with all the changes the make to FF but they don't seem to have a clue as to how these attacks are happening. FF has a bug...

  • We are almost 100% certain this is not due to a Firefox bug.
  • It may at least in part involve malware on your computer. It certainly increases the risk of you getting malware. Malware that could steal your data or money or both.
  • We are also aware that these pages are malware that is undeniable.
  • Where do you think they come form? You are getting them off the internet.

The fact that some people do not see these or see these and then get alerts or blocks is due to ad blockers and security software, without those you are at increased risk.

Reputable sites do sometimes get hacked. Many reputable sites do spread advert content. They may need to just to survive. How well are the details of those adverts and their complex scripting and nested redirects checked by the reputable company ? Lets say the I am fairly certain the Company will check they receive the revenue as and when expected, but do they have any incentive to spend - or as they see it waste - money on checking the adverts or whatever that the end user receives.

''rdwray [[#answer-921372|said]]'' <blockquote> ''stepan1 [[#answer-921364|said]]'' <blockquote> The timing of the fake Firefox updates is random, but it is always from visiting conservative news online. </blockquote> Maybe for you, but not for me. The problem is with FF or it would not be happening; reputable websites do not spread malware. They keep thinking they are protecting against attacks with all the changes the make to FF but they don't seem to have a clue as to how these attacks are happening. FF has a bug... </blockquote> * We are almost 100% certain this is not due to a Firefox bug. * It may at least in part involve malware on your computer. It certainly increases the risk of you getting malware. Malware that could steal your data or money or both. * We are also aware that these pages are malware that is undeniable. * Where do you think they come form? You are getting them off the internet. The fact that some people do not see these or see these and then get alerts or blocks is due to ad blockers and security software, without those you are at increased risk. Reputable sites do sometimes get hacked. Many reputable sites do spread advert content. They may need to just to survive. How well are the details of those adverts and their complex scripting and nested redirects checked by the reputable company ? Lets say the I am fairly certain the Company will check they receive the revenue as and when expected, but do they have any incentive to spend - or as they see it waste - money on checking the adverts or whatever that the end user receives.
rdwray 2 solutions 38 answers

IE is the most open web browser on the market, so why doesn't this happen to it? For a piece of malware to get on my PC, I would have to download something that contained it or open a contaminated email. This did not start taking place until I installed FF 47 and now it does not matter if I rollback or not, it is still present.

If I did not have so many addons I would do a total removal of FF and start over just to prove my point. The biggest problem is cleaning out the registry.

IE is the most open web browser on the market, so why doesn't this happen to it? For a piece of malware to get on my PC, I would have to download something that contained it or open a contaminated email. This did not start taking place until I installed FF 47 and now it does not matter if I rollback or not, it is still present. If I did not have so many addons I would do a total removal of FF and start over just to prove my point. The biggest problem is cleaning out the registry.

Modified by rdwray

James
  • Moderator
1594 solutions 11232 answers

I have seen people using older versions of Firefox on Windows like Firefox 45.0 (likely ESR) or 43.0.1 if they were using WinXP or Vista and did not update.

It has been elaborate enough that no Firefox user on Mac or Linux has reported a fake urgent Firefox update site yet.

Look even Google Chrome on Windows is getting a fake update page and served a fake patch file also. A longer running thread example. https://productforums.google.com/forum/m/#!topic/chrome/HcXgFFaO9WU

These malware Ads scams can be elaborate as there was one not long ago that was finally shut down. It basically targeted Windows users, and not just any but looked for those who had a oem system and other conditions to make it harder for security researchers to investigate it. http://www.theregister.co.uk/2016/07/28/adgholas_malvertising/

I have seen people using older versions of Firefox on Windows like Firefox 45.0 (likely ESR) or 43.0.1 if they were using WinXP or Vista and did not update. It has been elaborate enough that no Firefox user on Mac or Linux has reported a fake urgent Firefox update site yet. Look even Google Chrome on Windows is getting a fake update page and served a fake patch file also. A longer running thread example. https://productforums.google.com/forum/m/#!topic/chrome/HcXgFFaO9WU These malware Ads scams can be elaborate as there was one not long ago that was finally shut down. It basically targeted Windows users, and not just any but looked for those who had a oem system and other conditions to make it harder for security researchers to investigate it. http://www.theregister.co.uk/2016/07/28/adgholas_malvertising/

Modified by James

rdwray 2 solutions 38 answers

James said

I have seen people using older versions of Firefox on Windows like Firefox 45.0 (likely ESR) or 43.0.1 if they were using WinXP or Vista and did not update. It has been elaborate enough that no Firefox user on Mac or Linux has reported a fake urgent Firefox update site yet. Look even Google Chrome on Windows is getting a fake update page and served a fake patch file also. A longer running thread example. https://productforums.google.com/forum/m/#!topic/chrome/HcXgFFaO9WU These malware Ads scams can be elaborate as there was one not long ago that was finally shut down. It basically targeted Windows users, and not just any but looked for those who had a oem system and other conditions to make it harder for security researchers to investigate it. http://www.theregister.co.uk/2016/07/28/adgholas_malvertising/

I read both the articles and there does not seem to be a solution for the FF problem. I have had a couple of major malwares that took me up to a month to get rid of, but I don't see anything related to this problem and that is what makes me believe that FF (same a Goggle Chrome) has a bug that is being targeted - these seem to be the only browsers that are affected.

''James [[#answer-921503|said]]'' <blockquote> I have seen people using older versions of Firefox on Windows like Firefox 45.0 (likely ESR) or 43.0.1 if they were using WinXP or Vista and did not update. It has been elaborate enough that no Firefox user on Mac or Linux has reported a fake urgent Firefox update site yet. Look even Google Chrome on Windows is getting a fake update page and served a fake patch file also. A longer running thread example. https://productforums.google.com/forum/m/#!topic/chrome/HcXgFFaO9WU These malware Ads scams can be elaborate as there was one not long ago that was finally shut down. It basically targeted Windows users, and not just any but looked for those who had a oem system and other conditions to make it harder for security researchers to investigate it. http://www.theregister.co.uk/2016/07/28/adgholas_malvertising/ </blockquote> I read both the articles and there does not seem to be a solution for the FF problem. I have had a couple of major malwares that took me up to a month to get rid of, but I don't see anything related to this problem and that is what makes me believe that FF (same a Goggle Chrome) has a bug that is being targeted - these seem to be the only browsers that are affected.