Firefox users have targeted by new scam that tries to load a user’s PC with fake antivirus software using a passably convincing version of the Windows Update page. Firefox users have targeted by new scam that tries to load a user’s PC with fake antivirus software using a passably convincing version of the Windows Update page.Fake antivirus scams are legion, and ones using bogus update pages of one sort of another are also an established trick. The oddity of the latest incarnation of the attack, discovered by Sophos, is that it triggers only when encountering Windows users of Firefox pushed to it through a page redirect.The first big giveaway? Windows Update can only be started as a background activity in Windows or through Internet Explorer.The page itself is a copy of the Windows Update page offering an “urgent” 2.8MB download which will turn out to start a useless security scan plugging fake antivirus software. The technique is clever. Users who agree to the update without being entirely sure that it is genuine will be more easily convinced that a PC has been infected with the non-existent malware later detected by the bogus program. “Users need to be more vigilant than ever before as bogus security alerts pop-up in their browsers,” said Graham Cluley of Sophos. “Fake anti-virus attacks are big business for cybercriminals and they are investing time and effort into making them as convincing as possible.”“Malicious hackers are using smart social engineering tricks more and more often, and the risk is that users will be scared by a phoney warning into handing over money to fix problems that never existed in the first place,” he said. Attacks targetting Mozilla Firefox users seem to be a mini-fashion right now. Last week, the company reported a separate scam that throws up bogus security warnings that ape the browser’s security alerts as yet another method of pushing the same useless scareware products.Neither are entirely convincing to an experienced user but they probably don’t need to be to satisfy a business model that delivers decent rewards simply for tricking a handful people into installing a fake antivirus system. Related content brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe