With the recent Firefox updates an unexpected
download has appeared. This download can also popup as you browse the web. Knowing
that Firefox has never attached a critical patch to their updates in the past, I
tried to do a little research on the site in which the download came from and
was unable to reach it.
Then I went to the Firefox Mozilla Support Community and found this report, I found a fake Firefox update - Mozilla Support Community. In it Mozilla relates the following to their users of Firefox:
We have received reports from many users who were
interrupted in their browsing experience and who got redirected to a fake page
purporting to provide an "urgent" or "critical" update and
prompting to download a firefox-patch.js (or .exe) file. Some people have also
reported seeing ads prompting them to download a Firefox update. These are scam
tactics trying to trick you into installing malware!
Note: Firefox
has an automated background update mechanism which will never prompt you to
manually download and execute a file. In addition you can always trigger a
search for updates within Firefox yourself - to learn how, see Update Firefox to the latest version.
To our knowledge those notices are a form of "malvertising":
those fake notices get triggered by code contained in ads that are displayed on
otherwise legitimate websites you are visiting and get spread through
advertisement networks. This is an example how such a fake update notice may
look like - they are hosted on randomly generated and quickly changing domains.
Click here
to discover how to protect your computer from this scam, but "the best rule
of thumb" is to never download any unknown patches. Check with Java and Firefox's Mozilla Support Community first.
