Support Forum

I received an "urgent Firefox Patch" notification: is this legitimate?

  • 35 replies
  • 544 have this problem
  • Last reply by AgateBrick97792
Posted

Couldn't open original download ("Blocked Publisher" notification). This morning, I received a second notification from a different URL. Smells like a malware scam to me.

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 15.16.20045
  • GEPlugin
  • Google Update
  • Next Generation Java Plug-in 11.91.2 for Mozilla browsers
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • Shockwave Flash 21.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; rv:47.0) Gecko/20100101 Firefox/47.0

James
  • Top 25 Contributor
  • Moderator
1600 solutions 11318 answers
Posted

Chosen solution

No it is not legit. The fake updates exe can install things like trojans, viruses or unwanted software based on past reports.

The desktop Firefox is not just for Windows as it is for Mac OSX and Linux also so .exe would not be an effective way to send out Firefox updates. The updates are done internally in Firefox with a .mar file or by download from mozilla.org like say www.mozilla.org/firefox/all/

Even if Mozilla were to use .exe for Firefox updates on Windows, they would be serving them from a *.mozilla.org url and not from random websites with weird names.

Posted

Helpful reply

Thanks so much for your prompt and helpful reply. You folks rock!

jjones42 0 solutions 1 answer
Posted

I have just started getting this full screen pop up too. I can't remember how I blocked it last time (about 2 years ago). I have a malware program and Norton Internet Security, but neither have caught this.

Posted

Question owner

Thanks for posting. I simply deleted the "urgent" notice without opening it, and it hasn't shown up again.

James
  • Top 25 Contributor
  • Moderator
1600 solutions 11318 answers
Posted

Yes, this fake Firefox update .exe is not a new thing, though normally it came and went. Recently it has been more aggressive, as some users posted they got this from websites that were only registered a day or two earlier.

jeanettefriedman 0 solutions 1 answer
Posted

Does anyone have the name of the file?

Posted

Question owner

I'm afraid that I deleted the notice without recording the file name. Sorry.

James
  • Top 25 Contributor
  • Moderator
1600 solutions 11318 answers
Posted

jeanettefriedman said

Does anyone have the name of the file?

The fake exe's can have names like firefox_patch.exe or firefox_update.exe or similar.

calebwilliams 0 solutions 5 answers
Posted

James said

jeanettefriedman said
Does anyone have the name of the file?

The fake exe's can have names like firefox_patch.exe or firefox_update.exe or similar.

Mine says "firefox-patch.exe" and then "which is: Binary File (337KB) From: https://ooveefreelink.org"

When I tried to go to this website to check it out, I got a blank page. Where is this coming from? Norton has never heard of it, and Malware Bytes didn't detect it.


Modified by calebwilliams

philipp
  • Top 25 Contributor
  • Moderator
5320 solutions 23501 answers
Posted

likely this is spread through ad networks, you can try to install an adblocking addon to block crap like this: https://addons.mozilla.org/firefox/addon/ublock-origin/

James
  • Top 25 Contributor
  • Moderator
1600 solutions 11318 answers
Posted

calebwilliams said

Mine says "firefox-patch.exe" and then "which is: Binary File (337KB) From: https://ooveefreelink.org

If you get this again and if you are willing can you save the .exe to disk (do not open or run it) and contact Tyler Downer in email with file as attachment. He would like examples of this fake .exe to submit them to anti-virus partners. See https://support.mozilla.org/en-US/forums/contributors/712056?last=69495#post-69483

Also, as an added step, if you can, upload it to https://www.virustotal.com/ and post the URL of the scan result.


Modified by James

Abzyx 0 solutions 8 answers
Posted

jeanettefriedman said

Does anyone have the name of the file?

The file offered to me is analyzed here: https://www.virustotal.com/en/file/d5276fb20bc7c341426faec75514623133055808ec589af185c71f7431b55af5/analysis/1467903674/.

Don't worry: I did not run it, and will scan PC with various good tools. I would be inclined to suspect "malvertising" except that I'm using uBlock Origin extension. (Maybe I should go back to Adblock Plus?)

Abzyx 0 solutions 8 answers
Posted

James said

If you get this again and if you are willing can you save the .exe to disk (do not open or run it) and contact Tyler Downer in email with file as attachment. He would like examples of this fake .exe to submit them to anti-virus partners. See https://support.mozilla.org/en-US/forums/contributors/712056?last=69495#post-69483

Unfortunately I have already deleted my example, but I did submit it to VirusTotal (see above) and also to Microsoft because MSE 4.9 did not detect it. If I'm redirected again, I will keep your suggestion in mind.


Modified by Abzyx

jscher2000
  • Top 10 Contributor
8785 solutions 71851 answers
Posted

Abzyx said

The file offered to me is analyzed here: https://www.virustotal.com/en/file/d5276fb20bc7c341426faec75514623133055808ec589af185c71f7431b55af5/analysis/1467903674/.

Says the file was freshly built today, so not only are they generating new domain names at a rapid pace, but also morphing the malware...

James
  • Top 25 Contributor
  • Moderator
1600 solutions 11318 answers
Posted

jscher2000 said

Says the file was freshly built today, so not only are they generating new domain names at a rapid pace, but also morphing the malware...

Perhaps the older .exe versions were getting flagged or blocked.

Thanks for the VirusTotal scan link, Abzyx.

FMinMI 0 solutions 4 answers
Posted

philipp said

likely this is spread through ad networks, you can try to install an adblocking addon to block crap like this: https://addons.mozilla.org/firefox/addon/ublock-origin/

I thought it might be something hiding in Firefox so:

1) Deleted FF
2) Deleted all Firefox folders including profiles (searched entire HD)
3) Searched the registry for anything firefox or mozilla and deleted all
4) Ran CCleaner
5) Ran Microsoft's removal tool
6) Did a scan with 2 malware programs
7) Did a rootkit scan with tdsskiller (Kaspersky)

BUT the damn page showed up about 3 hours later. Very frustrating. It just pops up - I wasn't even using Firefox at the time....

Frank in Michigan

Sufjan 0 solutions 1 answer
Posted
Here's what I got: https://chiewgamoniac.org/3681219572238/cf0d5dacf3cd717848558b371f1bdf13.html
FMinMI 0 solutions 4 answers
Posted

I am still getting them. No one here at Mozilla Support has helped :-( Going to install Chrome and use it to see if it too has this virus pop up...


Modified by FMinMI

James
  • Top 25 Contributor
  • Moderator
1600 solutions 11318 answers
Posted

FMinMI said

I am still getting them. No one here at Mozilla Support has helped :-( Going to install Chrome and use it to see if it too has this virus pop up...

I guess you missed the suggestions in this and other threads about this, like installing an adblocking extension such as https://addons.mozilla.org/firefox/addon/ublock-origin/

Even Google Chrome users on Windows have been getting hit with fake "Urgent Chrome Update" sites serving the fake chrome-update.bat file initially and now a chrome_patch.hta file, often from the same disposable sites being used to serve the fake firefox-patch.exe and more recently firefox-patch.js files.

Proof in case you do not believe me https://support.mozilla.org/en-US/forums/contributors/712056?page=4#post-69718 and https://productforums.google.com/forum/#!topic/chrome/HcXgFFaO9WU

So using Google Chrome is not going to avoid this.


Modified by James
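
The two signals James gives in this thread (genuine Firefox downloads come from mozilla.org hosts, and the fake ones use names such as firefox-patch.exe, firefox-patch.js, chrome-update.bat and chrome_patch.hta) can be checked against URLs from a proxy log or download history. The Python below is an added example, not part of the thread or any Mozilla tool; the sample URLs are constructed, and the file-name pattern generalizes the reported names, which is an assumption.

```python
import re
from urllib.parse import urlsplit

# Names reported in this thread (firefox-patch.exe, firefox_update.exe,
# firefox-patch.js, chrome-update.bat, chrome_patch.hta), generalized to any
# -/_ and patch/update combination. The generalization is an assumption.
LURE_NAME = re.compile(
    r"^(firefox|chrome)[-_](patch|update)\.(exe|js|bat|hta)$", re.IGNORECASE)

TRUSTED_DOMAIN = "mozilla.org"  # where the thread says real downloads come from


def host_is_trusted(host):
    """True only for mozilla.org itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def classify(url):
    """Return 'fake-update-lure', 'trusted-host' or 'other' for one URL."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, so a URL such as
    # https://www.mozilla.org@ads.example/ is judged by its real host.
    trusted = parts.scheme == "https" and host_is_trusted(parts.hostname)
    file_name = parts.path.rsplit("/", 1)[-1]
    if LURE_NAME.match(file_name) and not trusted:
        return "fake-update-lure"
    return "trusted-host" if trusted else "other"


def flag_lures(urls):
    """Return the URLs that look like the fake update downloads."""
    return [u for u in urls if classify(u) == "fake-update-lure"]


# Constructed sample input (reserved .example hosts, not real indicators).
SAMPLE_URLS = [
    "https://www.mozilla.org/firefox/all/",
    "https://cdn.example/3681/firefox-patch.exe",
    "https://cdn.example/firefox_update.exe?id=1",
    "https://www.mozilla.org.updates.example/firefox-patch.js",
    "https://www.mozilla.org@ads.example/chrome_patch.hta",
    "http://ads.example/CHROME-UPDATE.BAT",
    "https://files.example/report.pdf",
]

if __name__ == "__main__":
    for url in flag_lures(SAMPLE_URLS):
        print("suspicious:", url)
```

Because the serving domains in this campaign change constantly, the file name combined with a host outside mozilla.org is the stable signal here; a blocklist of the domains posted in the thread would go stale within days.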

FMinMI 0 solutions 4 answers
Posted

No, I have it and Ad Muncher. Still popping up. That is why I was going to try Chrome, in case the combo would work better with it.

Thanks for the reply though...

Frank
