Security firm Blue Coat has posted about a new threat that awaits unsuspecting web users: fake notifications about browser updates.
In a post on its blog, Blue Coat’s Chris Larsen details a new bit of trickery used by nefarious malware creators to snare surfers in their trap. The hack started with simple web ads, delivered via the DoubleClick and adnxs networks. Users would be notified that their browser was outdated, with a fairly authentic-looking ad that correctly detected the browser software in use. Clicking download would then grab malware (and not a browser update, obviously), which would then be innocently installed by a user who knew no better.
Of course, the ad itself and the text look shady enough to the trained eye, and Blue Coat says that only 10% of users ended up following through and downloading the malware. But only two of 48 major antivirus engines picked up the malware installer, and it doesn’t help that the installer offers the use of a safe-search toolbar from antivirus company AVG – though the company has no association with the malware creators.
Speaking to htxt.africa, Chris Larsen expanded on some of the details of this new malware and its advertising-based delivery mechanism – something he calls malvertising.
Larsen points out that attackers can create their own ads to point users to these sites that offer fake browser updates, or they can use more enticing advertisements to lure people. It’s not a case of the ad networks being compromised, but just a loophole in how ads are submitted by, presumably, paying clients.
He also says that the best way to avoid getting caught is to not trust any site that offers updates. With the recent rise in these kinds of attacks, security companies are seeing fake updates for common and popular applications, such as Adobe Flash, Adobe Acrobat Reader, Java, and even updates for an operating system itself. All of those applications have their own update notifications and don’t deliver them through websites.
All of those apps, as well as web browsers, check for updates on startup and notify users of updates through an application window, not a website.
In short, be careful about what you click when browsing, because that innocuous offer to update your software or give you a free download could really end up costing you.