Hackers are now taking advantage of conscientious users who have been repeatedly warned by folks like myself to keep their software, specifically their browsers, up to date. If a user happens to surf to a website hosting this new style of attack, they will be presented with a realistic-looking warning that asserts their browser is out of date, but if they click the convenient link to update the browser, they instead be infected with a trojan that will forcibly change the browser homepage to a site that will deliver a full payload of malware. If the user is unfortunate enough to have his or her anti-malware software overrun, they will quickly have a severely compromised computer.
What this means for you:
You should only ever download updates for your software from the manufacturer’s website, as it’s extremely unlikely for manufacturers to use third-party hosts for software updates. In the above example, users were directed to download an update from a domain “securebrowserupdate” which is something Microsoft, Google, Mozilla or Apple would never do for their browsers. If you happen across a pop-up warning that an update is available for your browser, and you aren’t sure it’s legitimate, close it, then check your update status through the browser’s built into the interface, usually under the “Help” menu. Still not sure? Why not call an expert like C2?
Image courtesy of Stuart Miles / FreeDigitalPhotos.net