Posts Tagged ‘Mozilla Firefox’

Fake Firefox warnings lead to scareware

Published by pratyushkp on May 31st, 2011 - in Social, Technology

Image via CrunchBase

Purveyors of fake security software don’t let much grass grow under their feet and continually make improvements to their social engineering lures.

While most of the talk for the past month has been their move to Mac with fake Finder pop-ups that appear to scan your computer, they haven’t stopped innovating on Windows either.

Their latest scam? They detect your user-agent string from your web browser and display a fake Firefox security alert if you are using the Mozilla Firefox web browser.

Internet Explorer users get the standard “My Computer” dialog that appears to do a system scan inside their browser window.

Taking advantage of detailed information about the person’s computer and software allows for a much more specific, believable social engineering attempt.

We are likely to continue to see these criminals targeting each operating system, browser and any other details that can be gleaned from HTTP requests sent from our devices.

If you click the “Start Protection” button you will download the latest, greatest fake anti-virus program which will perform exactly the way you would expect a fake anti-virus program it to.

It will faithfully detect fake viruses on your computer until you register it for $80 or more.

If you are a Firefox user and see a warning about viruses on your computer, you will know it is fake. Firefox does not include a virus scanner inside of it and it will only warn you about visiting malicious pages.

If you get a warning about a dangerous website from Firefox you can always play it safe… Close the browser.

Source :- http://nakedsecurity.sophos.com

  • Fake Firefox warnings lead to scareware (nakedsecurity.sophos.com)
  • Everything You Need to Know About Mac Scareware (pcworld.com)
  • Blackhat SEO and Fake anti-virus – Like chocolate and peanut butter (blogoholic.in)
  • SCAREWARE FOR MACINTOSHES: The fact that Mac users have fallen victim to “scareware” scams – the… (pajamasmedia.com)
  • New Mac fake-defenders similar to Windows scareware (go.theregister.com)
  • Apple admits scareware problem, at last (go.theregister.com)
  • Newest Mac Defender scareware installs without a password (infoworld.com)
  • Protect yourself from the fake anti-virus’ and Java exploits (one7.wordpress.com)
  • G Data CloudSecurity, Web Browser Protection Plugin (ghacks.net)

Baby Born amazing effect? No, another Facebook likejacking scam

Published by pratyushkp on May 28th, 2011 - in Social, Technology

Image via CrunchBase

Messages are spreading rapidly across Facebook, as users get tricked into clicking on links claiming to show an amazing video of a big baby being born.

The messages are spreading with the assistance of a clickjacking scam (sometimes known as likejacking) which means that users do not realise that they are invisibly pressing a “Like” button to pass the message onto their online friends.

A typical message looks as follows:

Baby Born Amazing Effect - WebCamera
[LINK]
Big Baby Born !

(Note: Graham Cluley have obscured the thumbnail used in the messages, as some may find it offensive because of its err.. anatomical nature.)

The links we have seen so far all point to pages hosted on blogspot.com, and appear to contain a video player that you are urged to click on.

The pages are headlined: “Baby Born Video – Amazing Effects”.

See the message at the bottom of the page? It reads:

If Play Button don't work please click on the Like button and Confirm, then you can watch the Video.

It’s at this point that the clickjacking scam plays its part. If you try to play the video then you will be secretly and unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally.

It’s a shame that Facebook’s own security measures don’t warn about this clickjacking attack.

If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:

Unfortunately, thousands of Facebook users appear to have fallen for the scam – and are helping the links spread rapidly across the social network.

Here’s how you can clean-up your Facebook page.

Find the offending message on your Facebook page, and select “Remove post and unlike”.

Unfortunately that doesn’t completely remove the interloping link. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.

If only folks were more careful about the links they clicked on when using Facebook.

Source :- http://nakedsecurity.sophos.com

  • Baby Born amazing effect? No, another Facebook likejacking scam (nakedsecurity.sophos.com)
  • Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl (pratyushkp.wordpress.com)
  • Facebook announces new security features (blogoholic.in)
  • Hottest & Funniest Golf Course Video scam spreads virally on Facebook – beware! (blogoholic.in)
  • It’s a Facebook clickjack scam (eclectomania.wordpress.com)
  • Facebook announces new security features (pratyushkp.wordpress.com)

Google Chrome Warns Against Malicious Downloads

Published by pratyushkp on April 17th, 2011 - in Social, Technology

The browser now alerts users if the file being downloaded is malicious

Google boasts about several security features in its Chrome web browser. Now, Google has added one more feature in Chrome web browser which will alert users against malicious file downloads. Now that’s something every browser should ideally have so that users don’t have to be dependent on anti-malware programs. This experimental feature is currently made available to Chrome Development Channel for testing and initially, it will alert against malicious Windows executables.

The Google Safe Browsing API comes into picture when the browser checks if the Windows executable being downloaded originates from a malicious code bearing site or not. Also, it has the same privacy policy as in the Safe Browsing feature which means Google will never know what URL you’ve visited to download that particular file.

This new alert against malicious file download could be too small to be noticed. At times, users are in such a hurry that they click on the ‘x’ (Close) on any pop-up message. So instead of showing an alert just above the status bar, something more attention drawing is required to make this feature actually useful.

Google Chrome has been offering features such as alerts the users against faulty websites that intend to inject malicious code in the user system. Google accumulates data about such websites and makes it available via Safe Browsing API. Several web browsers – Google Chrome, Mozilla Firefox, and Safari make use of Google’s Safe Browsing API to warn users if they happen to visit webpages that have been coded smartly to inject malware code in the system.
Google didn’t promise any date when the feature would be implemented and made available via a stable build of the Chrome browser.
Source -: http://www.techtree.com/India/News/Google_Chrome_Warns_Against_Malicious_Downloads/551-115023-643.html

  • This File Appears To Be Malicious, Google Chrome Safe Browsing Protection (ghacks.net)
  • Rumor: Get Google Chrome Web Browser will login Soon ? (huangyu860810.wordpress.com)
  • Google’s Chrome Browser to Warn of Dangerous Downloads (pcworld.com)
  • Google Chrome Stable Security Update April 2011 (ghacks.net)
  • Google Chrome Browser Will Block Dangerous Downloads (pcworld.com)
  • Chrome’s New Security Feature Will Protect You From Malicious Downloads (GOOG) (businessinsider.com)
  • Google Chrome at 120 Million DAU, Chrome OS Set for Mid-Year (searchenginejournal.com)
  • Google Chrome to warn of malicious Windows executables (go.theregister.com)
  • Five Hot Features Coming to Google’s Chrome Browser (pcworld.com)
  • Google Chrome and Chromium add protection against malicious downloads (downloadsquad.switched.com)

IE9 Downloads Cross 2.3 Million in One Day IE9 Downloads Cross 2.3 Million in One Day

Published by pratyushkp on March 19th, 2011 - in Social, Technology

Microsoft on Cloud 9

The final version of Internet Explorer 9, the latest iteration of Microsoft’s web browser, was released to public two days ago on of March 15. In just 24 hours, the browser managed to cross 2.3 million downloads. That’s a pretty impressive number, considering only Windows Vista and 7 users can download this browser. Of course, Microsoft couldn’t be more pleased with this news, as is evident from their blog post. In comparison though, Firefox 3 managed to cross 8 million downloads in a day, creating a world record for itself back in 2008. Then again, Firefox is a multi-platform browser, available to Mac and Linux users as well.

We are glad that IE9 is getting a good response. It’s quite a good browser and for the first time, Microsoft has a browser that can compete with the best of the browsers out there. Unfortunately, unless the Windows XP users upgrade to Windows 7, we don’t really see the percentage of IE6 users to drop any time soon. Too bad IE9 is not available for XP users.
To download IE9, click here. To read our full review, click here.

  • IE9 Hits 2.3 Million Downloads In 24 Hours (informationweek.com)
  • 10 Things You Need To Know About Internet Explorer 9 (maketecheasier.com)
  • Internet Explorer 9 Reaches 2.3 Million Downloads In 24 Hours (webpronews.com)
  • IE9 First Day Downloads Disappoint (conceivablytech.com)
  • IE9: Downloads beat Angry Birds, lag Firefox and Opera (go.theregister.com)
  • IE9 downloads hit 2.3m, miles behind Firefox – but could soon hit 100m (guardian.co.uk)
  • This week at Microsoft: IE9, spam, and Metro expansion (thenextweb.com)
  • Firefox 4 to be released March 22, will it beat IE9? (downloadsquad.switched.com)
  • “IE9 downloaded more than 2.35 million times in 24 hours” and related posts (neowin.net)
  • “Internet Explorer 9 Hits 2.3 Million Downloads in 24 Hours” and related posts (gadgetvenue.com)
Tags: Internet Explorer 9, , , , , , Windows Vista, Windows XP
© Social Media Blog

Ad Plugin made by Free Wordpress Themes