firefox upgrade triggers AVG malware detection
A firefox upgrade screen appeared indicating an upgrade was needed for both firefox and flash.
The notice is from "http:// firefox .perl.sh/" and requests the download of the file "firefox-update.exe"
My virus detection program detected a malware file as the firefox-update program was run.
I then stopped the program and put all the detected files into AVGs virus vault.
I've never had anything like this come up on updating firefox.
I could not find a revision history to double check on line.
I have the update executable saved and the page this came from is still open in a tab.
Hairs went up on the back of my neck, so I looked a bit further.
Any help you could give me would be appreciated
edited by a moderator to make that address not clickable
the-edmeister moo ko soppali ci
All Replies (5)
That is a fake update web page, not a legitimate Mozilla URL. I just reported it as a Web Forgery.
When you come across a page like that, you can report it yourself using Help > Report Web Forgery
Ok, in the past I only remember seeing a page resembling this after the update has been completed. Having one come up to prompt an update was new to me. But things change, and it did look good.
I was hooked and reeled in.
I figure I'll get more of these; at the very least I figure they have my IP address.
Thanks for your help, I gotta go and blow away some stuff before any accidents happen.
Cheers, Dave W.
Don't assume a web page is legitimate just because Firefox or Mozilla appear somewhere in the address bar, especially when it isn't a secure HTTPS connection. There's a lot of fakes out there, and as soon as SafeBrowsing "flags" as URL as a fake, another appears to replace it. IMO, that URL won't last 24 to 48 hours before it becomes useless for that type of exploit, and they replace it with another that either Google has to find on its' own or it gets reported by an alert user and that one is then blocked.
I doubt if they are targeting users by IP address. They're probably targeting Firefox users by reading the UserAgent and then doing re-direct to fake pages like that via JavaScript.
My advice is to install NoScript, at least for the redirect alert bar.
https://addons.mozilla.org/en-US/firefox/addon/722
http://noscript.net/
Another thing I forgot to mention, Firefox updates aren't packaged in an .exe file, Mozilla delivers them via a .mar file that installs automatically only from an "authorized" mirror website. There's no external "file handling" for the user with a Firefox update.
the-edmeister moo ko soppali ci
Always use "Help > Check for Updates" to update Firefox and never via a link on a web page, unless you install a full version from the official Mozilla website.
Thanks Everybody!