Reported Attack Page: A latest malicious trick from Security Tool (Rogue Anti-Virus)
Whenever an unsuspecting user visits the malicious page, it gets a fake but an authentic looking Firefox “Reported Attack Page!”
As soon as users land on an infected/compromised webpage they’ll be told that “The URL is not valid and cannot be loaded” and will be presented an option to click “OK”
After pressing the OK button, users will see a fake Firefox “Reported Attack Page” which will trick the users into believing that the webpage is infected and invites them to update their web-browser.
Users who click the Download Updates button will end up with a file called “ff_secure_upd.exe” on Mozilla Firefox and “chrome_secure_upd.exe” on Google’s Chrome browser; either way, what they really get is the rogue AV application which uses fake system alerts and falsified system scans to persuade purchase of the Security Tool application.
Firefox users with scripts enabled, even need not not to click the “Download Updates” button rather, they’ll just be prompted to click “OK” to download “Firefox secure updates.”
Clicking “Cancel” button only results in a repeated warning that updates need to be downloaded.
So all in all, this compromised website will you give countless chances to download the so called Firefox secure updates, which is actually a infamous misleading application called Security Tool..
This kind of approach is not new and has been demonstrated before by attackers.
And that’s not all. There is an iframe within the page that loads the infamous Phoenix exploit kit from a different website, security researchers from F-Secure reported, thereby exposing users to further exploitation.
Now a days, malware authors are employing innovative tactics to fool users – it’s as simple as that. So users are advised to be extra careful while clicking on unverified or unfamiliar hyper-links.
Users are also advised to keep their anti-virus applications up to date and if possible, use script-blocking technologies available to their browsers, such as the NoScript extension for Firefox which protect yourself against XSS, Clickjacking attacks and prevents exploitation of security vulnerabilities.
Stay Safe, Stay Secured !!