Malicious Mozilla Firefox Download Leads To Potentially Unwanted Application

Malicious Firefox Ads

 

Security experts at Webroot say they have been detecting malicious ads designed to lure users into installing privacy-invading Potentially Unwanted Applications (PUAs) on their systems. The most recent campaign is a successful brand-jacking of Mozilla’s Firefox browser: the browser is supposedly offered for free, while in reality the rogue download manager entices users into installing multiple rogue toolbars, most commonly known as InstallCore.

According to the blog post, the malicious download URL is hxxp://www.ez-download.com/mozilla-firefox, and antivirus scanners detect the Potentially Unwanted Application as Adware.InstallCore.86; Win32/InstallCore.BL; InstallCore (fs).

The rogue sample is digitally signed by ‘Secure Installer’ and, once executed, phones back to:

media.ez-download.com – 54.230.12.193
os.downloadster2cdn.com – 54.245.235.34
cdn.secureinstaller.com – 54.230.12.162
img.downloadster2cdn.com – 199.58.87.151
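
As an added example (not from Webroot or the original post), the indicators above can be checked against web-proxy logs. The log format, sample lines and function names are assumptions constructed for illustration; hostnames are matched exactly so look-alike domains are not flagged, and IP-only matches are reported at lower confidence.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the article above.
IOC_HOSTS = {
    "www.ez-download.com", "media.ez-download.com", "os.downloadster2cdn.com",
    "cdn.secureinstaller.com", "img.downloadster2cdn.com",
}
IOC_IPS = {"54.230.12.193", "54.245.235.34", "54.230.12.162", "199.58.87.151"}

def url_host(url):
    """Hostname of a logged URL: refanged, lowercased, no port or trailing dot."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")
    if "://" not in url:  # CONNECT-style "host:443" entries carry no scheme
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def scan(lines):
    """Return (client, confidence, url) for each log line that touches an indicator."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole scan
        _ts, client, dest_ip, _method, url = parts
        if url_host(url) in IOC_HOSTS:
            hits.append((client, "high", url))  # exact hostname match
        elif dest_ip in IOC_IPS:
            # IP alone is weaker evidence: hosting addresses can be shared or reassigned
            hits.append((client, "low", url))
    return hits

# Constructed sample proxy log, hypothetical format: "time client dest_ip method url"
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 54.230.12.193 GET http://media.ez-download.com/a.png
2024-01-01T10:00:02Z 10.0.0.5 54.230.12.162 CONNECT CDN.SecureInstaller.com:443
2024-01-01T10:00:03Z 10.0.0.7 203.0.113.9 GET http://media.ez-download.com.example.net/
2024-01-01T10:00:04Z 10.0.0.8 199.58.87.151 GET http://files.example.org/x
2024-01-01T10:00:05Z 10.0.0.9 203.0.113.10 GET http://www.mozilla.org/firefox/
""".splitlines()

if __name__ == "__main__":
    for client, confidence, url in scan(SAMPLE_LOG):
        print(f"{confidence:4} {client} {url}")
```
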

They advise users to avoid interacting with ads that entice them into downloading well-known software applications, and instead to visit the official Web sites for such packages in order to obtain the latest versions and avoid potential traps.

To see all the URLs and IP addresses connected to these malicious programs, visit the Webroot Threat Blog.
