This thread was archived. Please ask a new question if you need help.
A page which is FF (nearly identical) keeps asking me to d/l install an emergency *.js patch and I know it's not FF. What to do?
I wish I could be specific. The page comes up as if piggybacked but it comes from a legitimate URL. (like Yahoo) It isn't from FF, I know, but it's got the fox near the top of the page and nothing ON the page itself.
All Replies (7)
Does the site address look mostly like gibberish? There is a rash of phishing sites pushing malware under the guide of urgent Firefox and Chrome patches/updates. This is dangerous malware and you definitely should not download or run it.
More info: I found a fake Firefox update
Since the redirect to the phishing page appears to be triggered by something in ads running on popular sites, you could consider using an ad blocking add-on, for example:
This is the URL: link text
Malware run of bit defender showed 0.
Does the site address look mostly like gibberish? There is a rash of phishing sites pushing malware under the guide of urgent Firefox and Chrome patches/updates. This is dangerous malware and you definitely should not download or run it. More info: I found a fake Firefox update Since the redirect to the phishing page appears to be triggered by something in ads running on popular sites, you could consider using an ad blocking add-on, for example: https://addons.mozilla.org/firefox/addon/ublock-origin/
The firefox-patch.js file and the sites with a orange background and Firefox icon are Fake as it is not from Mozilla or the Firefox web browser.
Mozilla has no need to host Firefox updates or download elsewhere, especially not at random weird name websites that was only registered a day earlier.
You can see this has been going on for a while unfortunately. https://support.mozilla.org/en-US/forums/contributors/712056
Modified by James
I originated this question. It's happened a few times now and I scan clear, so it's not a bug in my puter.
This is the most recent incarnation. from this URL: http://www.hometalk.com/21384897/diy-fall-wreath-tutorial?se=wkly-20160911&date=20160911&slg=747b1addf7ca1fdbb55e2d50b7e9e03a-9335625
it flipped to this URL after I had been sitting on the page for a minute or so. https://papoimidori-japan.org/264846076566/01cb38ecedbd1153fdca325ed5f94ad2.html
and asked if I wanted to open that .js file.
At least you're not falling for the fakes; as long as you ignore them, not download or click on anything, you should be fine.
Hard to get rid off these scammers, as they will change their URL on a daily basis.
Trying the ad-blocking add-on, as suggested by jscher2000, might be wise.
Thank you for reporting this - good job !!!
A lot of people only seen to see this fake update the once, and many of those users probably are unwilling or unable to try to obtain further information, but if you aer willing to try to help identify where this is coming from this is the recent request from a Firefox developer:
Saving the page that pops up the fake update screen (not the markup of the update screen, but of the page that creates it) using ctrl-s (cmd-s on osx) and saving it once as "web page, complete" and once as "web page, HTML only", and uploading both of those as zip files (including the <pagename-you-enter-in-save-dialog>_files directory) onto this bug might help. It's hard to be sure or give detailed instructions when we don't know how exactly how the webpage is opening the window. If the update thing is now redirecting the main tab as loaded (which seems to be what some users are suggesting/experiencing) then the only thing that'll really help make sense of what's happening is a network trace from wireshark, or detailed screenshots of the firefox network console that provide similar information.
This isn't entirely helpful unless the page showing this comment, (https://support.mozilla.org/en-US/questions/1137248?utm_campaign=questions-reply&utm_medium=email&utm_source=notification) is the URL you want the Fake pages to.