Password-stealing Trojan Spreading Via Fake Patch Emails

Scammers and cybercriminals are spreading a new malware over email messages, the message contain a link to Firefox software update that claims that it fixes security vulnerabilities in Mozilla browser but definitely link lead to a Mozilla Firefox 5.0.1 patch embedded with Trojan horse Troj/PWS-BSF.

Trojan identified by Sophos as Troj/PWS-BSF, is reportedly capable of stealing passwords and text of email message looks as follows:

Important notice

A Firefox software update is a quick download of small amounts of new code to your existing Firefox browser. These small patches can contain security fixes or other little changes to the browser to ensure that you are using the best version of Firefox available. Firefox is constantly evolving as our community finds ways to make it better, and as we adjust to the latest security threats. Keeping your Firefox up-to-date is the best way to make sure that you are using the smartest, fastest and . most importantly . safest version of Firefox available. A Firefox update will not make any changes to your bookmarks, saved passwords or other settings. However, there is a possibility that some of your Add-ons won.t be immediately compatible with new updates.

For security reasons please update your firefox version now

[LINK]

So if you receive a similar email make sure to report the email and sender to authority so they can follow criminals behind this message.

By default, Firefox is configured to automatically check for updates for itself and notify you when one is available. When prompted, just click OK and the newest version will be downloaded and installed on your computer.

Share
  • AVG antivirus

    Do mouse over the ‘link’ provided and user can actually notice that the url looks suspicious.