Malicious Firefox Update downgrades Firefox to version 13.0.

by Carol~ Moderator - 8/13/13 3:34 AM

Stop Malvertising: Malicious Firefox Update downgrades Firefox to version 13.0.

As noted @ ThreatTrack Security Labs: Outdated Browser Detected: Firefox Update!:

Over the weekend we saw a number of sites pushing so-called "Firefox updates". Our friend Kimberly at StopMalvertising covered one such site apparently generating traffic from a "Greencard lottery" ad; this one is a site I spotted on Web of Trust. Whether the below site is also being spread via lottery ads, we can't say; however, both sites work in much the same way and use most if not all of the same elements.

Here's our contribution to the Firefox update rundown, starting with



Note the similarities to the URL in the StopMalvertising writeup, which is: [random]/lp/ff5(dot)php

The site claims:

"Outdated browser detected, you are using [browser x] which is now outdated
Please update the latest version of Firefox (Recommended)"

It also pops a box stating that you should update your browser to view the page.