Beware of Fake Warning Pages Spreading Browser Love

A new social engineering trick is claiming victims as users try to patch

A new campaign launched by cyber-criminals is claiming victims among unwary computer users who land on the wrong website. The new approach is yet another variation on the multi-faceted rogue antivirus business, and it tries to lure web surfers into installing malware on their computers.

It all starts with the user getting redirected to a specially crafted page that strikingly resembles the security warnings implemented in the Mozilla Firefox® and Google Chrome™ browsers to notify users when they are about to visit malicious content. The resemblance to the genuine warning page is striking; the only difference between the two is a Download Updates button that appears on the fake page. Right after the user has landed on the page, a JavaScript redirect triggers the download of an infected file, named either ff_secure_upd.exe or chrome_secure_upd.exe, depending on the browser the fake page has been designed for.


The page tailored for Firefox® users

The so-called “security update” is actually a fake antivirus, detected by BitDefender as Gen:Variant.Kaze. The websites identified as being part of this scheme have suggestive names built around keywords such as Firefox, update and news, and they are registered with free domain name providers. A quick IP check revealed that these websites are hosted in Canada.
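One way to hunt for this campaign in web proxy logs, shown as an added example that is not part of the original article: it flags downloads of the two file names reported above, and executable downloads from hosts whose names combine the reported keywords. The log format, sample lines, host names and severity labels are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# File names and host keywords as reported in the article.
DROPPER_NAMES = {"ff_secure_upd.exe", "chrome_secure_upd.exe"}
HOST_KEYWORDS = ("firefox", "update", "news")

# Constructed sample log; assumed format: time client method url status.
SAMPLE_LOG = """\
2011-03-01T10:02:11Z 10.0.0.5 GET http://firefox-update-news.example/warning.html 200
2011-03-01T10:02:12Z 10.0.0.5 GET http://firefox-update-news.example/dl/FF_Secure_Upd.exe?id=7 200
2011-03-01T10:05:40Z 10.0.0.9 GET http://cdn.example/files/chrome%5Fsecure%5Fupd.exe 200
2011-03-01T10:07:03Z 10.0.0.7 GET http://news-update.example/setup.exe 200
2011-03-01T10:09:19Z 10.0.0.8 GET http://intranet.example/tools/putty.exe 200
malformed line
"""

def classify(url):
    """Return 'high', 'medium' or None for one requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Decode percent-escapes and drop the query string before comparing names,
    # so case changes and URL encoding do not hide the file name.
    filename = posixpath.basename(unquote(parts.path)).lower()
    keyword_hits = [k for k in HOST_KEYWORDS if k in host]
    if filename in DROPPER_NAMES:
        return "high"    # exact file name from the article
    if filename.endswith(".exe") and len(keyword_hits) >= 2:
        return "medium"  # executable served from a keyword-stuffed host name
    return None

def scan(log_text):
    """Return (severity, client, url) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # skip lines that do not match the assumed format
            continue
        _time, client, _method, url, _status = fields
        severity = classify(url)
        if severity:
            findings.append((severity, client, url))
    return findings

if __name__ == "__main__":
    for severity, client, url in scan(SAMPLE_LOG):
        print(f"{severity:6} {client:10} {url}")
```

The medium tier is a heuristic and will need tuning against legitimate download hosts in a real environment.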


The page tailored for Google Chrome™ users


BitDefender customers have been protected since the beginning of this campaign. If you are not using a BitDefender security product and you’d like to know whether your system has been compromised or not, you might want to run a 60-second quick scan available here.

Note: All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.